Please fill in the form below to subscribe to our blog

Which Industries Saw the Most Phishing Last Year? These 5

May 13, 2021

If You’re Wondering Which Industries Saw the Most Phishing Last Year, We’ll Tell You!

Phishing emails are a fast road to ruin for businesses. These pernicious threats bring devastating consequences like ransomware in their wake. Experts estimate that 60% of companies go out of business after a successful cyberattack. Every employee and every industry is at risk of being victimized by a phishing attack, but some are more likely targets than others. Which industries saw the most phishing last year? Take a look at the industries most likely to be hit by phishing as well as why they’re so vulnerable and how to prevent it from happening to your business. 

ransomware defense can be complicated by cryptocurrency risk

See how ransomware really works, who gets paid & what’s next in our tell-all Ransomware Exposed! DOWNLOAD IT>>

Threats Are Around Every Corner

Phishing is the gateway to many cybersecurity woes. In an atmosphere of heightened risk, phishing is the threat that every business needs to be most cognizant about. An estimated 75% of organizations around the world experienced some kind of phishing attack in 2020. One of the reasons why phishing is so popular is because it’s extremely effective. Nearly 75% percent of organizations in the United States experienced a successful phishing attack last year. Those attacks packed a punch. In the 2020 IC3 Report, the US Federal Bureau of Investigation estimated that businesses lost $4.2B to cybercrime in 2020 led by phishing.  

It’s especially essential to keep phishing away from your business to avoid expensive ransomware disasters. An estimated 65% of active cybercriminal gangs use spear phishing as their favored method of delivery for ransomware. Ransomware is also the weapon of choice for nation-state threat actors. These days, every business is at risk for a ransomware attack. Cybercriminals aren’t just after your data, either. In 2020, a cybercrime trend developed in which ransomware was used to shut down production lines and snarl operations at infrastructure, business support and manufacturing targets. That trend looks set to continue in 2021 as borne out by the Colonial Pipeline hack.  

Which of your vendors will cause your next cyberattack? Read our new eBook to learn how to spot and stop third party risk. GET THIS BOOK >>

These Industries Saw the Most Phishing Last Year

In a survey of responses to phishing simulations, every industry had problems with employees clicking on a phishing email. CyberNews reports that 1 in 3 employees are likely to click the links in phishing emails, and 1 in 8 employees are likely to share information requested in a phishing email. This is especially problematic in some industries.   

In which industries are you going to find the people most likely to click on a phishing link? These are the top 5 most vulnerable industries. 

  • Consulting
  • Apparel and accessories
  • Education
  • Technology
  • Conglomerates

In which industries will cybercriminals find the people who are most likely to submit credentials or share information? These are the top 5 most vulnerable industries: 

  • Apparel and accessories
  • Consulting
  • Securities and commodity exchanges
  • Education
  • Conglomerates 

malicious insider threats can include cryptocurrency risk represented by a crime comic style blue eye looking through a peephole.

Use our Cybersecurity Risk Protection Checklist to find vulnerabilities before the bad guys do! GET IT>>

Why Are These Industries at Risk? 

Phishing risk isn’t easy to quantify. Cybercrime boomed in 2020. Cybercriminals have been constantly innovating in their delivery methods, and which industries are most at risk changes constantly. The laws of supply and demand apply to cybercrime just like any other business. Plus, constant shifts in opportunity and vulnerability due to world events and market fluctuations create new pitfalls every day. That said, three major factors can put specific industries at higher risk for phishing problems than others, and they hit especially hard in the industries that saw the most phishing last year


Phishing risk increased dramatically in 2020. One of the drivers of that risk was the opportunity for exploitation that cybercriminals found in many industries that were under pressure. Bad actors were quick to use ransomware to achieve their ends. Ransomware was the most common reason behind Microsoft incident response engagements from October 2019 through July 2020. In fact, the huge upswings in phishing (more than 600%) and ransomware (nearly 150%) were so alarming that The US Cybersecurity Infrastructure Security Agency (CISA) established a new one-stop resource center to help organizations stem the tide in January 2021. 

Phishing and ransomware exploded in the medical industry in 2020 because of the extraordinary circumstances creating extraordinary opportunities for cybercrime. During the height of the COVID-19 pandemic, medical facilities were heavily targeted for a while, then that focus shifted to pharmaceutical companies, followed by a foray into transportation and logistics as the path of the pandemic shifted from disease treatment to vaccine development to vaccine transportation. This is a common pattern. When an industry is exceptionally relevant and unusually stressed, cybercriminals are quick to jump on the opportunity to undertake operations against them. 

Don’t let cybercriminals put the brakes on your client’s race to success. Boost your cyber resilience to keep your engine running in any conditions. LEARN MORE>>

Remote and Hybrid Workforce Support 

Remote and hybrid workers are extremely dependent on email. However, the flexibility that comes with supporting a remote or hybrid workforce opens companies up to more risk. In a 2020 survey of remote worker habits, about 60% of employees noted that they are working in environments where distractions are commonplace. Many of those employees have adopted an always-at-work approach that can lead to email handling errors — 73% of the employees surveyed said that they regularly read and respond to work email outside of their working hours, and almost one-quarter of employees (24%) reported they handle work email while doing other things. 

Some of those risks were exacerbated by both a lack of preparation and readiness to go fully remote — 98% of IT professionals in an international survey said their organization experienced security challenges including phishing incidents within the first two months of the pandemic. Only 42% of those survey respondents felt that their organization was “well prepared” for moving to remote work, compared to 45% percent that considered their companies “somewhat prepared” and 13% who stated that their businesses were not prepared at all. 

Email Volume Boom 

More remote workers means more email. Workers handled 72% more emails in 2020 than the year before, and email is the primary communication tool of business these days. Many companies had employees working fully remotely for the first time, and some had never allowed anyone to work remotely before, creating a huge pool of employees who were not trained on the cybersecurity hazards that remote workers can face. Add in a heaping helping of pandemic-related stress for everyone, and you’ve got an environment that is ripe for cybercriminals exploitation. Those bad actors were not hesitant to pounce. Phishing threats took their biggest jump in Q2 2020, escalating an eye-popping 660% according to Google. Even in Q4 2020, the increase was lower but still epic: phishing was up more than 220%. 

A new record for email volume was achieved at 306.4 billion emails sent and received each day in 2020. While many of those messages were legitimate, a huge volume increase gives cybercriminals more opportunity to slip in phishing attempts. More than 30% of the email sent in all of 2020 was a pandemic-themed phishing attempt, and a whopping 72% of all phishing email was COVID-19 themed. Experts at BitDam estimate that in an average organization with 1–250 employees, one in 323 emails will be malicious. In particularly challenged industries, like healthcare was in 2020, that estimate climbs to 1 in 99 messages. Larger companies get off a bit easier. Only one in 823 emails will be malicious in an organization of 1001–1500 employees. 

phishing email imitating famous brands dangers represented by a cartoon hacker in a hoodie at a laptop with an eye mask on done in shades of blue, Batman style.

Is Your Password a Zero or a Hero? Learn the difference and how you can strengthen yours in Build Better Passwords. GET IT>>

Fix This Problem 

Every organization’s phishing risk calculus is complicated, but how to help businesses reduce the chances that their employees will click on phishing links is easy. Increased security awareness training that includes phishing resistance is the cornerstone of building a security culture that’s savvy about phishing. A recent study showed that companies that run phishing simulators for the first time learn that 40% to 60% of their employees are likely to open malicious links or attachments. But it also showed that consistent training made a huge difference. In follow-up testing, after about 6 months of training, that percentage drops 20% to 25% and after 3 to 6 months more training, that number can drop to only 10% to 18%. 

BullPhish ID is the ideal solution to use for regular phishing resistance training. Our newly revamped security awareness training powerhouse contains everything needed to conduct efficient, effective, painless phishing resistance training that gets the job done at an excellent value. You’ll enjoy: 

  • Fully customizable training simulation kits including messages, URLs, and attachments
  • Videos that can be customized to deliver specialized training
  • Pre-made plug-and-play phishing kits for fast deployment
  • Training around the latest threats with new kits added monthly
  • Simple, clear progress reports that demonstrate the value of training
  • Learn more about the new BullPhish ID in this intro webinar:
  • See how the new features can help you charge into safety here: 

We’re here to help if you would like to learn more about ways that you can protect clients who may be in the line of fire from damaging, dangerous attacks like this one. From dark web monitoring to phishing resistance training, the ID Agent digital risk protection platform helps businesses mitigate their risk of cybersecurity disasters. Our solutions experts are happy to help you find the right defensive combination to secure any organization. Let’s get together and talk about how we can help your clients and your business! SCHEDULE A CONSULTATION>> 

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!