Analysis of over 52 million phishing simulations finds that entertainment-based triggers account for almost 20% of successful phishing scams
LEESBURG, VA. – November 30, 2017 – PhishMe®, the leading provider of human phishing defense solutions, today released its 2017 Enterprise Phishing Resiliency and Defense Report, which analyzes phishing simulation trends from over 1,400 PhishMe customers across the globe. With susceptibility rates on the decline and reporting and resiliency rates on the rise, PhishMe customers are seeing the benefit of anti-phishing programs within their organization.
The PhishMe research team analyzed and compiled data from over 52 million phishing simulations performed from January 2015 to July 2017, in addition to real attacks that took place from January 2017 to August 2017. Responses were gathered from a sample of over 1,400 PhishMe customers in more than 50 countries, including Fortune 500 and public sector organizations across 23 industry verticals. In addition to data on how resiliency and reporting help organizations, the report also offers deep insights into who clicks, why they click, what makes people most susceptible and how to engage employees as part of the solution.
Key findings from the 2017 report include:
- Susceptibility rates are declining; repeated phishing simulations have shown a shrinking susceptibility rate for three years running, leading to an overall five percent drop among PhishMe customers.
- Reporting rates have climbed a healthy six percent in three years: Incorporating a one-click email reporting button has proven to lower phishing susceptibility among employees.
- As reporting or engagement increased among PhishMe customers, susceptibility to phishing attacks declined.
- In previous years, fear, urgency and curiosity were the top emotional motivators behind successful phishes. Now they’re closer to the bottom, replaced by entertainment, social media and reward/recognition.
- Emails with malicious URLs are the most reported, with almost 15% of the emails employees reported in this study found to be malicious.
“With phishing attacks up 65% worldwide from last year, this continues to be the number one cyber threat to organizations of all sizes,” said Aaron Higbee, CTO and co-founder at PhishMe. “Phishing attacks have the ability to skirt technology and target human emotion, making it imperative that organizations empower their employees to be part of the solution. Our analysis continues to show that conditioning employees to recognize and report on phishing attempts lowers susceptibility, which is proof that progressive anti-phishing programs keep organizations safer.”
To download a full copy of the 2017 Enterprise Phishing Resiliency and Defense Report, click here: https://phishme.com/phishing-resiliency-report-2017/
PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report and mitigate spear phishing, malware and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision-making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare and manufacturing industries, as well as other Global 1000 entities that understand how changing user security behavior will improve security, aid incident response and reduce the risk of compromise.