KnowBe4 has released the new 2023 Phishing by Industry Benchmarking Report for Australia and New Zealand to measure an organisation’s Phish-prone Percentage (PPP), which indicates how many of their employees are likely to fall for a phishing or a social engineering scam.
This year’s report reveals that according to the baseline testing conducted, without security training, across all industries, 34.8% of employees in Australia and New Zealand are likely to click on a suspicious link or comply with a fraudulent request. Although this is a slight increase from last year’s 34.5% PPP for the APAC region overall, it continues to demonstrate the risk associated with a lacking security culture.
KnowBe4 analysed a data set of over 12.5 million users, across 35,681 organizations, with over 32.1 million simulated phishing security tests, across 19 different industries and seven geographic regions. The resulting baseline PPP measures the percentage of employees in organisations that had not conducted any KnowBe4 security training, who clicked a simulated phishing email link or opened an infected attachment during testing.
When companies implemented a combination of training and simulated phishing security testing after their initial baseline measurement, results changed dramatically. 90 days after completing monthly or more frequent security training, the average PPP in Australia and New Zealand decreased to 17.8%. After twelve months of security training and simulated phishing security tests, the average PPP dropped to 6.4%, indicating that new habits become normal, fostering a stronger human firewall and improved security culture.
Also revealed in the report is which industries globally are most vulnerable to cyber threats and have the highest PPP which indicates where there is a stronger need for security awareness training. Across small and medium organisations, the healthcare and pharmaceuticals industry has the highest PPP of 32.3% and 35.8%, respectively. Across large organisations, the insurance industry remains the most at risk for a second consecutive year with a PPP of 53.2%, relatively unchanged from 2022.
The report underscores the fact that while technology plays an important role in preventing and recovering from an attack, organisations cannot afford to ignore the human factor. Verizon’s 2023 Data Breach Investigations report states that 74% of breaches this year involved the human element. This is a slight improvement from last year’s 82%, however, organisations must continue to focus their efforts on the human element of cyber attacks by implementing proven training methods that directly impact their workforce.
“The findings from KnowBe4’s Phishing by Industry Benchmark report are a testament to the effectiveness of new-school security awareness training and simulated phishing,” says Jacqueline Jayne, Security Awareness Advocate APAC at KnowBe4. “An educated workforce forms a strong human firewall, which is key to practicing safe cyber habits and building a strong security culture.”
You can read the full report here.