2024 Phishing by Industry Benchmarking Report


Cybercrime is on the rise, affecting businesses and individuals. Cybercriminals operate without discrimination, targeting victims worldwide 24/7. Despite advancements in digital security, attackers have shifted their focus to exploit human vulnerabilities within increasingly fortified organizations.

With the integration of artificial intelligence (AI) into technology, cybersecurity vigilance is more vital than ever. AI systems can swiftly analyze vast datasets and detect patterns beyond human capacity. However, this advancement presents a dual challenge. While enhancing efficiency, it equips hackers with sophisticated tools to identify and exploit vulnerabilities, accelerating the pace and scale of cyberattacks.

As AI-driven cyber threats evolve, security awareness programs must urgently adapt, with a particular emphasis on managing human risks. According to KnowBe4’s 2024 Phishing by Industry Benchmarking Report, 34.3% of untrained end users will fail a phishing test. After 90 days of security awareness training, the number drops to 18.9%. After one year, only 4.6% of users will fail. Of all industries tested, healthcare and pharmaceuticals had the worst baseline fail rate in both the small and large business categories.

Organizations must prioritize addressing the human element in cybersecurity. Implementing a modern security awareness approach involving comprehensive and ongoing education, testing, and communication can empower employees to serve as the primary line of defense.

Key Cybersecurity Recommendations for Businesses:

  • Foster a resilient security culture where employees understand their role in safeguarding the organization against cyber threats.
  • Increase the frequency of security awareness training while optimizing time efficiency to drive lasting behavior change.
  • Implement regular simulated phishing campaigns to enhance employees’ ability to detect and thwart phishing attempts.
  • Collaborate with security awareness professionals to design engaging and effective training content tailored to behavioral changes.

Many organizations perceive training as a mere obligation rather than a strategic initiative to cultivate a security-conscious culture. However, establishing such a culture requires a sustained and comprehensive approach, with continuous efforts to reshape behaviors and instill secure practices. This journey has no endpoint; only through relentless commitment can organizations mitigate cybersecurity risks effectively.

Information used in this article was provided by our partners at KnowBe4.
