Security firm Proofpoint just released their 2023 “State of the Phish” report. The data is based on surveys of 7,500 working adults and 1,050 IT and security professionals, 135 million simulated phishing attacks, and 18 million emails reported by their clients as phishing.
Poor performance on definitions:
70% of consumers could not define Vishing (Voice phishing)
71% could not define Smishing (Text based phishing)
31% were not able to define malware
60% were unable to define Ransomware
42% couldn’t define Phishing
Poor performance on common email security fundamentals:
21% of users don’t know that an email can appear to be from someone other than the sender
44% of users don’t know that a familiar brand doesn’t make the email safe
63% of users don’t know that an email link text might not match the website it goes to
11% of recipients fell for phishing simulations mentioning “DocuSign document for review” and “FedEx delivery failure”
28% of users reuse passwords for multiple work-related accounts
Scope of the problem:
34% of users did something in 2022 that put themselves or their organizations at risk
84% of organizations faced at least one successful phishing attack
54% faced three or more successful phishing attacks
35% of organizations say they conduct phishing simulations.
Hopefully your organization is doing better than this data would suggest. Unfortunately, it’s doubtful your clients would score this well.
If awareness is a first step in addressing a problem, it appears we may have a long road ahead of us.