New Proofpoint Study Reveals Phishing Identification Remains Top Problem Area for Organisations


Proofpoint’s fourth annual 2019 Beyond the Phish report identified that phishing attacks and a jarring knowledge gap remain a global concern for organisations. In fact, the survey revealed that respondents were only able to answer one in four questions correctly, demonstrating a need for increased cyber education.

Key findings from the report, based on data from 130 million questions answered by end users across 16 industries, include:

Best performing industry when it comes to knowledge of phishing threats:

  • Finance was the best performing industry, with end users answering 80 percent of all questions correctly.
  • End users in the Insurance industry delivered the best performance in three of the 14 categories analysed, specifically excelling in the “Avoiding Ransomware Attacks” category.
  • Communications teams are the most savvy when it comes to phishing threats, with end users correctly answering 84 percent of questions.

Least savvy industry when it comes to knowledge of phishing threats:

  • Customer Service, Facilities, and Security employees are the least savvy when it comes to phishing threat knowledge, incorrectly answering an average of 25 percent of cybersecurity questions asked. As these are respondent-defined department designations, the Security department could include both physical security and cybersecurity.
  • Hospitality employees scored the lowest in three categories, including “Physical Security Risks,” in which 22 percent of questions were answered incorrectly.
  • End users in the Education and Transportation industries have the weakest phishing knowledge, on average, answering 24 percent of questions incorrectly across all categories.

Australia Country Manager Crispin Kerr said, “Australians have already lost $6.2M this year to online scams, according to Scamwatch, and unfortunately that figure only captures reported losses. While many organisations have robust cybersecurity solutions in place, there is an important defence element that simply can’t be ignored: the urgent need to educate employees on safe behaviour. Criminals are relentlessly targeting individuals, rather than infrastructure, to gain access to desired sensitive information and access to organisations. Threats today are not only targeting people, they are activated by people. Attackers are relying on users to click, take action, and do the work for them.

“While email phishing attacks remain one of the oldest and most pervasive forms of threat that Australian organisations are battling today, it is important to remember that cybersecurity risk extends far beyond the inbox; a range of end-user behaviours impact overall security postures. Our Beyond the Phish study encourages infosec teams to consider how user understanding of phishing and other critical topics—including best practices for data protection, mobile devices, and social sharing—can influence and improve organisational security.”