
What is Your Phishing Risk?

October 23, 2021

See If Your Business Is In a High-Risk Position

Wouldn’t it be great if you could determine exactly what your organization’s phishing risk really is? Phishing is the most common risk that any business faces these days as well as the most potentially devastating, and it’s coming at businesses from every side. Cybercriminals are sharks, looking for blood in the water from industries, businesses and workers that are under pressure. They’re fast-moving and relentless – phishing risk in August 2021 was up almost 300% over 2020’s record-breaking numbers. That’s what makes it important for companies to be aware of their phishing risk and take action to lower it. These lists can help you see how much of an impact phishing could have on your business this year.

Phishing risk varies by industry. Many factors can impact the calculus for exactly how likely a business in a given sector is to be targeted in a phishing attack. Throughout the last few years, we’ve seen how cyberattack risk shifts in industries based on factors like public need, production pressure and profitability of their data. An estimated 74% of respondents in a business survey admitted that their companies had been successfully phished in the last year. These fact lists can help you understand who is being targeted, why it is critical that you take action to protect your business from phishing, and a highly effective way to do it.


Phishing Is The Biggest Data Breach Risk

Is Your Business Facing Any of These Risk Factors?  

Dangerous Employee Behavior  

An estimated 97% of employees in a wide array of industries are unable to recognize a sophisticated phishing email. So what are they most likely to do when they receive a phishing message? Many times, they’re likely to do something dangerous. In Cisco’s 2021 Cybersecurity Threat Trends Report, researchers concluded that 86% of organizations had at least one employee try to connect to a phishing site in 2020. That’s an enormous risk for a business of any size.  

Of course, the pandemic did not help matters. In that same report, researchers noted that bad actors were quick to take advantage of the phishing opportunities that the pandemic brought them. Threat actors established a plethora of credential phishing and malware dropper sites. The study showed that the majority of those sites mimicked content from the CDC, ECDC, or other health and government authorities, with North America and EMEA at the top of the heap, accounting for 77% of malicious pandemic traffic in 2020.

Likelihood of Dangerous Employee Email & Phishing Behaviors 

  • 1 in 3 employees are likely to click the links in phishing emails.
  • 1 in 8 employees are likely to share information requested in a phishing email.
  • 60% of employees opened emails they weren’t fully confident were safe.
  • 45% click emails they consider to be suspicious “just in case it’s important.”
  • 45% of employees never report suspicious messages to IT for review.
  • 41% of employees failed to notice a phishing message because they were tired.
  • 47% of workers cited distraction as the main factor in their failure to spot phishing attempts.

Which business sectors are most likely to have employees that will interact with phishing messages? Here are the top 5.

The Top 5 Sectors in Which Employees Interact with Phishing Messages  

  1. Consulting
  2. Apparel and accessories
  3. Education
  4. Technology
  5. Conglomerates/Multi-Nationals

In which industries will cybercriminals find the people who are most likely to submit credentials or share information? These are the top 5 most vulnerable industries:  

The Top 5 Sectors in Which Phishing Leads to Credential Compromise 

  1. Apparel and accessories
  2. Consulting
  3. Securities and commodity exchanges
  4. Education
  5. Conglomerates/Multi-Nationals


Web-Based Business Phishing Risk 

Does the nature of your business make you a prime target for phishing? If you’re securing or running a company that primarily does business online through a website, platform or service, phishing might just hit your company a little differently. 

Website Categories Most Targeted by Phishing Attacks 

As the percentage of total recorded phishing attacks in Q1 2021 

  • Financial Services & Banking: 24.9% 
  • Social Media: 23.6% 
  • SaaS & Webmail: 19.6% 
  • Payment: 8.5% 
  • E-Commerce & Retail: 7.6% 
  • Shipping & Logistics: 5.8% 
  • Cryptocurrency: 2% 
  • Other: 8% 


Phishing Risk by Department 

Who are bad actors angling to catch with their tsunami of phishing messages? Where are they sending them in your company? A phishing study shows that the answer is: all over the place. No department is safe from the enticements of sophisticated phishing messages. Surprisingly, 75% of the respondents indicated that the targets of many phishing attempts were IT staffers themselves. You’d think they would be savvy to these attacks, yet 40% of those IT staffers fell for the bait.

Most Likely Departments to be Targeted by Phishing  

  • IT = 74%
  • Sales = 35%
  • Executives = 27%
  • Marketing = 25%
  • Customer Support = 21%


How Likely Is Your Business to Face Two Major League Consequences of Phishing? 


The most famous (or infamous) phishing-related cyberattack that businesses face today is undoubtedly ransomware. Statista reports that just under 70% of businesses worldwide have been victimized by ransomware in 2021, a steep increase from the three preceding years and the highest figure reported so far. No matter where you are in the world, ransomware is a pitfall that your business faces every day. Organizations located in Asia (33%), North America (30%) and Europe (27%) were the hardest hit by ransomware attacks in 2020 and carry the most risk in 2021. Any organization that takes a hit from a ransomware attack is going to hemorrhage money. Ransomware losses in 2021 are already up more than 300% over the same period last year, beating 2020’s record-setting pace.

That should be alarming to SMBs. Just one cyberattack can be a death blow for an SMB. The exorbitant costs, lost revenue and reputation damage that a business suffers in the wake of a ransomware incident are often simply too steep for many businesses to survive – 60% of companies go out of business within 6 months after a cyberattack like a ransomware incident. The size of a business is not a deterrent for ransomware gangs either. You may think that your business is too small for ransomware threat actors to bother with, but that’s not true – 55% of ransomware attacks now involve companies with fewer than 100 employees. 

Data Breach 

Data breach numbers have been skyrocketing all over the world since the start of the global pandemic, and phishing is at the root of many of those breaches – an estimated 74% of organizations in the United States have fallen victim to a successful phishing attack that resulted in a data breach in the last 12 months. The US is the leader in phishing-related data breaches for 2021 so far, with rates 30% higher than the global average, and 14% higher than the same period in 2020.   

A solid 90% of incidents that end in a data breach start with a phishing email. This is reflected in the Verizon Data Breach Investigations Report 2021 (DBIR). Once again, phishing takes the crown as the top data breach threat that organizations face. This is the third year in a row that phishing has topped the chart, beating out insider acts, malware, and even human error. But it doesn’t stop there – phishing that directly caused a data breach increased by 10% in 2020 and that’s a substantial jump. The risk of phishing causing a data breach is so severe that the phishing category still tops the DBIR list even without the inclusion of ransomware, which has grown into such a behemoth that it’s earned its own category.


Phishing Simulations Are Proven to Stop Employees from Opening Phishing Messages 

Increased security awareness training that includes phishing resistance is the cornerstone of building a security culture that’s savvy about phishing. In an employee cybersecurity behavior study, researchers uncovered some facts that clearly demonstrate the benefits of security awareness training that utilizes phishing simulations. Companies that run phishing simulators for the first time learn that 40% to 60% of their employees are likely to open malicious links or attachments. But it also showed that consistent training made a huge difference. In follow-up testing, after about 6 months of training, that percentage drops 20% to 25% and after 3 to 6 months more training, that number can drop to only 10% to 18%.

BullPhish ID is the ideal solution to use for regular security awareness and phishing resistance training. Get everything needed to conduct efficient, effective, painless phishing resistance and security awareness training that gets the job done at an excellent value. You’ll enjoy:  

  • Fully customizable training simulation kits including messages, URLs and attachments 
  • Videos that can be customized to deliver specialized training 
  • Pre-made plug-and-play phishing kits for fast deployment 
  • Training around the latest threats including ransomware, credential compromise and more. 
  • Simple, clear progress reports that demonstrate the value of training 
