New State of the Phish Report Shows Positive Trends, But End-User Risk Remains

Posted by Gretel Egan on Jan 19, 2017 6:00:31 PM

We’re excited to announce the release of the 2017 State of the Phish Report, our third annual look at how end users are recognizing and responding to phishing attacks, and what infosec professionals are doing to mitigate the risks associated with this perennial threat.

The report compiles data from three sources:

- Tens of millions of simulated phishing attacks sent through our platform over a 12-month period (October 2015 through September 2016)
- More than 500 answers to a survey of infosec professionals across more than 16 industries
- More than 2,000 answers from an independent survey of 1,000 U.S. and 1,000 UK end users

Following are several highlights from the report. You can download a full copy of the 2017 State of the Phish on our website.

The Volume of Phishing Attacks Appears to be Decreasing

Based on year-over-year comparisons, the infosec professionals we surveyed indicated that the volume of phishing attacks seems to be on the decline. This reported trend coincides with data from the Anti-Phishing Working Group’s Phishing Trends Report, 3rd Quarter 2016, which was compiled during the same general time frame that we conducted our survey.

Here is a sample of what infosec professionals told us they experienced in 2016:

- 76% reported their organization had been victimized by a phishing attack (down 10% from 2015).
- Fewer respondents said the rate of phishing attacks is increasing (51% in 2016 vs. 60% in 2015), and 45% said the rate of attacks is decreasing.
- Nearly 10% fewer infosec professionals said they experienced a spear phishing attack (61% in 2016 vs. 85% in 2015).

Users Are More Alert to Suspicious Messages in the Morning

When we compiled the data related to our PhishAlarm® email reporting tool, we found that end users are most likely to report suspicious messages during the early hours of the work day. On a related note, more messages were reported on Tuesdays, Wednesdays, and Thursdays, with Thursday logging the most PhishAlarm clicks at 22%.

More Organizations Are Measuring Phishing Risk and Impact

We’ve long extolled the values of measurement and analysis when it comes to gauging cybersecurity risks. Though there is more to managing a successful security awareness training program than tracking numbers, the ability to establish a baseline and evaluate progress over time provides clear benefits on multiple levels (strategic program planning, reporting to stakeholders, etc.).

In this year’s survey, we were pleased to see that more and more infosec professionals are embracing the idea of tracking and managing end-user risk, as well as measuring the overall impact of phishing on their businesses:

- 72% of respondents said that they assess the risk each end user poses to their organizations — a dramatic 64% increase from our 2015 survey.
- The top way infosec professionals determine end-user risk is by evaluating security awareness and training performance (48%).
- At 38%, “disruption of employee activities” was the most commonly cited negative impact of phishing attacks.
- Infosec professionals measure the cost of phishing incidents in multiple ways, including the following:
  - Business impact from lost IP (41%)
  - Loss of employee productivity (35%)
  - Damage to reputation (8%)

About Wombat Security
At Wombat Security, our mission is to deliver software-based cyber security awareness and training solutions that help your employees understand the risks associated with poor cyber hygiene and subsequently change their behaviors to strengthen your organization’s security posture. Our Continuous Training Methodology takes a 360-degree approach to security education, and customers who have implemented our programs have reduced successful phishing attacks and malware infections by up to 90%. With several million users across North America, Europe and Asia, we have established ourselves as a global leader in security awareness and training. And independent research by the Aberdeen Group has proven that our four-step methodology can reduce employee-related security risks and business impact by up to 60%.