Everyone in your organization might think that they are safe from cyber threats, provided that you have employed security systems against them. In fact, even the most fool-proof technology only serves as a tool to defend your systems. According to Verizon’s 2021 data breach investigation, phishing continues to be the top threat action used in successful breaches, using social engineering to outsmart employees, and resulting in 80% breaches in login credentials.
Cyber criminals use clever phishing and social engineering tactics that are designed to persuade employees to fall for their scams. Fake emails, phone calls and other outreach methods are crafted in detail to trap employees. As a result, many employees unknowingly give away important, sensitive data.
KnowBe4, as the provider of the world’s largest security awareness training and simulated phishing platform, has helped tens of thousands of organizations improve their staff's ability to identify cyber scams as early as possible and develop an appropriate response to fight phishing schemes.
In 2021, KnowBe4 conducted an analysis across 23,400 organizations with over 15.5 million simulated phishing security tests across 19 different industries. To understand and measure how employees react to phishing, employees were sent a simulated phishing email link or infected attachment during the testing campaign using the KnowBe4 platform. To calculate organizations’ readiness against phishing schemes, we measure the number of employees who clicked the scam emails or links. PPP, the Phish-Prone Percentage, indicates how many employees in an organization fall for phishing scams. The higher the PPP, the greater the risk.
The results of this analysis highlighted a familiar truth in cyber security: failure to effectively train employees has left organizations highly vulnerable to cyber threats. The data showed a shocking fact – no single industry, across organizations of all sizes, is doing a good job of recognizing cybercriminals’ phishing and social engineering tactics. The top three industries with the largest PPP were shown as below:
The overall PPP baseline average across all industries and organization sizes was 31.4%, which means approximately 1 out of 3 employees are highly susceptible to phishing and social engineering scams.
To further understand the impact of employee training on increasing employees’ awareness, KnowBe4 analyzed the difference between three phases:
- Phase One: Employees were not trained on cyber security awareness
- Phase Two: Performance after employees were trained for 90 days on cyber security awareness
- Phase Three: Performance after employees were trained for one year on cyber security awareness
When organizations implemented simultaneous training and simulated phishing security testing, the results changed dramatically. There was a significant drop from 31.4% to 16.4% on average for all industries, proving that investing in training employees can create an effective human firewall against cyber crimes – even within the first three months.
The result was even more encouraging after one year of continuous training. The average PPP was reduced from 31.4% to 4.8% – demonstrating significant effectiveness across all industries and all company sizes. This is an 84% improvement on average – a definite result which should not be taken lightly.
When you invest in security awareness training and phishing security testing, you will see an immediate increase in cyber security resilience. High-level organizational leaders need to understand that changing IT security systems might not bring the results they want if they neglect the importance of human-factor error.
KnowBe4 helps organizations like yours develop a strong human firewall, your last line of defense. We enable your employees to make smarter choices every day with their knowledge of how phishing works. With a proven methodology, KnowBe4 has successfully helped tens of thousands of organizations improve their cyber security knowledge effectively.
We provide:
– Baseline testing: assesses your current Phish-Prone Percentage and serves as the baseline to measure your training success later.
– Training for users: on-demand, interactive, and engaging computer-based training on phishing awareness and education modules.
– Simulated phishing attacks: test your employees with this safe phishing simulation to make them more vigilant and create a new habit. By running a simulated phishing attack at least once a month, your employees will be better equipped to handle real attacks.
– Result measurement: track how your employees respond to training and phishing.
Do you think your employees are ready for cyber crimes? Try the Free Phishing Security Test by KnowBe4 by contacting us. We’ll be glad to help.