More than 1 in 3 UK&I workers are likely to click a phishing link


More than 1 in 3 UK&I workers are likely to click a phishing link, according to KnowBe4’s 2023 Phishing by Industry Benchmarking Report. The report measures an organisation’s Phish-prone Percentage (PPP), which indicates the likelihood that employees will be duped by a phishing or social engineering scam.


The overall baseline for 2023, which measures employees’ susceptibility to an initial simulated phishing security test, rose 5.2% from 30% in 2022. The biggest contributor to this increase was large enterprises with over 1,000 employees, whose baseline rose from 32.7% to nearly 40%.

KnowBe4 analysed a data set of over 12.5 million users, across 35,681 organisations, with over 32.1 million simulated phishing security tests across 19 different industries and seven geographic regions. The resulting baseline “Phish-prone Percentage (PPP)” measured the percentage of employees in organisations that had not conducted any KnowBe4 security training, who clicked a simulated phishing email link or opened an infected attachment during testing.

Geographically, users in the UK&I had an average baseline of 35.2%, exceeded only by workers in South America, who had a baseline of 41.1%. However, after 90 days of combined security awareness training and simulated phishing security tests, the average PPP for UK&I workers fell to 17.8%. After twelve months, it dropped to 5.8%, proving the value of security training in improving user security awareness and the overall security culture of the organisation.

In 2020, £3.7 billion ($4.6 billion) was reportedly lost due to cyber-enabled fraud in the UK&I, and ransomware, which is commonly distributed through social engineering techniques such as phishing, continues to plague organisations. Globally, almost a  workers likely click phishing