The Percentage of Employees Clicking Phishing Emails Explains Much About Cybercrime
Have you been diligent about cybersecurity training with staffers? Are you confident that your staff isn’t going to fall for clever cybercriminal tricks? There’s just no way they’re going to interact with that obviously sketchy email, right? Wrong. Even though you’d think that everyone would be savvy about the risks that come from email-based threats, you’ll be shocked at how high the percentage is of employees still clicking phishing emails.
Yep, They’re Still Falling For It
In 2020, the combination of a global pandemic, economic uncertainty, and a whole world full of new remote workers created a solid payday for cybercriminals, resulting in a 85% overall increase in all categories of cybercrime for the year, including a more than 600% increase in phishing attacks. That’s just the tip of the iceberg – every category of phishing related threat from ransomware to business email comromise (BEC) was a growth industry in 2020 as well.
Your staff is receiving more phishing attempts than ever. While some will get caught by your secure email gateway, (and the majority would be caught by automated phishing defense using Graphus), the sheer volume of email that your staffers are handling combined with pandemic stress means that your staffers are getting a lot more phishing email – and clicking on it.
It’s Worse Than You Think
The numbers don’t lie: employees are regularly getting and falling for phishing emails every day. In a recent study of North American staffers, experts discovered that:
- 67% of clickers (13.4% of overall users) submitting their login credentials, also up substantially from 2019, when just 2% submitted their credentials.
- The Public Sector and Transportation sectors struggled the most, posting a click rate of 28.4%.
- The Education and Finance & Insurance sectors performed considerably better than others, with click rates of 11.3% and 14.2%, respectively.
- Users in North America struggled the most with the phishing simulation, posting a 25.5% click rate and an 18% overall credential submission rate. This means that a little over 7 out of every 10 clickers willingly compromised their login data.
- Users in Europe exhibited lower click and submission rates of 17% and 11%, respectively.
The danger to your organization is real and it is growing. We recently reported on the data that we gathered from BullPhish ID users in 2020 and it’s indisputable: Employees at companies of any size in any industry are prime targets for cybercrime because they will clock phishing email. Here’s how to fight back and transform your staffers from new cybersecurity risks into new cybersecurity team members.
The Pathway to Phishing Resistance Success
In just the first three months of 2020, workers were hit with 30,000 more “suspicious messages,” and a 667% increase in related spear phishing. Every message that one of your staffers receives could be the one that kicks off an expensive cycle of cybersecurity disaster. But you can reduce that risk with security awareness training that includes phishing resistance using a dynamic solution like our freshly updated and upgraded BullPhish ID.
We’ve implemented new innovations in phishing training in this new release, but it’s still a cost-effective training solution. It includes all of the features and benefits that you loved from the original BullPhish ID, with new capabilities that make it really a one-size-fits-all testing and training solution that fits every business and budget. SEE DETAILS ABOUT IT>>
Training That’s Painless for Everyone
Customizable training materials including the ability to add attachments opens up new vistas of training for companies, allowing for the creation of industry-specific and especially tempting phishing simulation emails. That’s incredibly important right now because spear phishing, powered by a vast amount of new Dark Web Data, is the biggest risk that your employees need to be ready to fight – a new phishing attack is launched every 39 seconds.
We’ve also added a user-friendly and trainer-friendly customizable training portal to make the whole process easier and more pleasant for everyone (as long as you don’t make GoDaddy’s training blunder). Employees being trained don’t have to hunt for emails and calendar invites or find lost attachments with directions about how to train. Now, they can just log in to their training portal and everything that they need to complete each phase of training is right there.
That makes the training process much more streamlined for trainers too, with simple, fast remote management and online testing to measure retention plus this new set of tools to refine your training, enabling you to pivot quickly as the threat landscape evolves. Keeping track of groups and their progress is a snap when you can add and delete training or dispatch specialized phishing simulation content through the user portals. Plus, white-labelling allows personalization of the portals, URLs and training materials.
The Bottom Line: Facts Don’t Lie
There are a few more facts to remember as we process the dismal fact that 25% or more of employees are still falling for phishing. Like the fact that regular security awareness training including phishing resistance reduces your chances of suffering a damaging cybersecurity disaster by up to 70%. Or the fact that if you undertake training and refresh it at least quarterly for all of your users, it sticks.
Also, we’re not stopping here with the upgrades to BullPhish ID. We’re continuing to innovate in both function and content. We’re still releasing several new plug-and-play phishing simulation training kits in 8 languages and video lessons every month. Very soon, we’ll have two more innovations that will make training a snap: improved reporting that presents detailed information in a simple way to show the value of training, and new options for buying and selling BullPhish ID.
As you kick off the new year, it’s also time to kick off a new commitment to fighting back against cybercrime like phishing – and of course, we’ve got your back. Set up a call with one of our cybersecurity solutions experts today to see the new BullPhish ID and learn how it can help affordably protect data and systems from today’s biggest threat. SCHEDULE A CALL>>