News
CybeReady announced it will demonstrate new phishing simulation statistics
June 2022 by Marc Jacob
CybeReady announced it will demonstrate new phishing simulation statistics during the 2022 RSA Conference in San Francisco. In its review of millions of phishing simulations in 2022, CybeReady is revealing insightful data will show how certain phishing attacks may impact employees and the security posture of the company they work for more than others.
About 3.4 billion phishing emails are being sent every day according to data published by Checkpoint. With most cyberattacks occurring via phishing emails, we are still unable to provide 100% protection via tech solutions alone. The best cyber defense technologies in the world will still miss 1.23% of phishing emails. That means that an organization with 20,000 employees, exchanging 12M emails per month, will have a miss rate of 147,600 emails per month. In other words, even the most cyber defense tech-ready organization will miss detecting over 1.5M phishing emails per year.
In financial terms: with the average cost of being attacked now climbing to 14.8M USD, up from 3.8M USD in 2015, and with a million phishing emails missed per year, by default, one phishing email mistake can potentially run a company out of business, or create a serious headache.
In recent phishing simulation data produced by CybeReady, a number of interesting insights were revealed. For example, corporate employees were 1.75 times more likely to fall for a phishing email in their native language. Phishing simulations on financial notifications received the highest click rate of approximately 25% of the sample size, on average. CybeReady has collected more than 30 million data points gathered by phishing simulations sent to thousands of enterprise employees globally. Additional results of the CybeReady survey can be viewed here:
Insights From CybeReady’s Data Analysis:
• Machine Learning selected phishing simulations are twice (2x) more effective than randomly (manually) selected phishing simulations.
• New employees are 50% (1.5 times) more likely to fall for any phishing simulation, compared to employees that have been with an organization for more than a year.
• Phishing simulations in an employee’s native language perform 75% better. In other words. An employee who speaks native Spanish, for example, is 1.75 times more likely to click on a phishing email that was delivered to him in Spanish, as opposed to an English message.
CybeReady recommends creating risk profiles for employees and activating intensified programs for new and high-risk employees. When distributing phishing simulations, the selection should be based on data analytics and use the employee native language especially in global companies.
Effectiveness (or performance) in phishing simulations means that employees click on a link or open an email attachment. While that may sound counterintuitive to some, when it comes to phishing training these actions are required for generating a “teachable moment” for employees and companies should aim to maximize these learning opportunities.
