KnowBe4, the provider of a security awareness training and simulated phishing platform, has released the new 2023 Phishing by Industry Benchmarking Report for Asia to measure an organisation’s Phish-prone™ Percentage (PPP), which indicates how many of its employees are likely to fall for a phishing or a social engineering scam.
This year's report reveals that, according to the baseline testing conducted without security training across all industries, 30.0% of employees in Asia are likely to click on a suspicious link or comply with a fraudulent request. This is a decrease from last year's 34.5% PPP for the APAC region and demonstrates the efficacy of security awareness training and its correlation to strengthening security culture.
KnowBe4 analysed a data set of over 12.5 million users, across 35,681 organisations, with over 32.1 million simulated phishing security tests, across 19 industries and seven geographic regions. The resulting baseline PPP measures the percentage of employees in organisations without KnowBe4 security training who clicked a simulated phishing email link or opened an infected attachment during testing.
When companies implemented a combination of training and simulated phishing security testing after their initial baseline measurement, the results changed dramatically. Ninety days after completing monthly or more frequent security training, the average PPP in Asia decreased to 14.9%. After twelve months of security training and simulated phishing security tests, the average PPP dropped to 6.5%, indicating that new habits have become routine, fostering a more robust human firewall and improved security culture.
The report also reveals which industries are most vulnerable to cyber threats and have the highest PPP, indicating a stronger need for security awareness training. Across small and medium organisations, the healthcare and pharmaceuticals industry has the highest PPP of 32.3% and 35.8%, respectively. Across large organisations, the insurance industry remains the most at risk for a second consecutive year with a PPP of 53.2%, relatively unchanged from 2022.
The report underscores that while technology is vital in preventing and recovering from an attack, organisations cannot ignore the human factor.
Verizon's 2023 Data Breach Investigations Report states that 74% of breaches this year involved the human element. This is a slight improvement from last year's 82%. However, organisations must continue focusing on the human element of cyberattacks by implementing proven training methods that directly impact their workforce.
“The findings from KnowBe4’s Phishing by Industry Benchmark report are a testament to the effectiveness of new-school security awareness training and simulated phishing,” says Jacqueline Jayne, security awareness advocate for APAC at KnowBe4. “An educated workforce forms a strong human firewall, which is key to practising safe cyber habits and building a strong security culture.”
“KnowBe4’s platform is used by more than 60,000 organisations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organisations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognised cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organisations rely on KnowBe4 to mobilise their end users as their last line of defence,” Jayne informs.