The latest edition of the Terranova Security Phishing Benchmark Global Report, drawing on results from the 2020 Gone Phishing Tournament, reveals a substantial year-over-year increase in participating end user click rates. It also details a significant rise in the percentage of users who would’ve potentially compromised their login data had the phishing simulation not been a safe security awareness testing environment.
The results in the latest version of the Phishing Benchmark Global Report underscore the need for all organizations, regardless of size, industry, or geographic location, to implement both an ongoing security awareness training program and consistent, up-to-date phishing simulations to strengthen their data protection infrastructure.
The results outlined in the Phishing Benchmark Global Report come at the tail end of what has been a tumultuous year for businesses worldwide. The global COVID-19 pandemic led many organizations to change how they work and drove a spike in remote or remote-hybrid workforce adoption. However, distributed virtual offices have lessened the effect of technical data protection measures and consequently put employees’ ability to successfully detect and avoid phishing threats under a microscope.
“This year’s report illustrates the growing need for security awareness training initiatives that utilize real-world phishing simulations as a practical educational tool,” said author and Terranova Security CEO Lise Lapointe. “Organizations must take these phishing benchmarking results seriously and take the necessary steps to ensure every user has the knowledge needed to safeguard against the latest and most complex cyber threats.”
This year’s Gone Phishing Tournament, which took place over 11 days in October 2020 to coincide with National Cyber Security Awareness Month, welcomed 57% more participating organizations than in 2019 and boasted a 90% increase in participating end users. The 2020 event also benefited from an extended global reach, with users completing the simulation in 98 different countries.
2020 Phishing Benchmark Global Report: Key Results
The results from the 2020 Gone Phishing Tournament underscored the potential consequences of a lack of phishing awareness. The data shows that nearly 20% of employees are still quick to click on phishing email links, a significant increase from the 11% posted during the 2019 Gone Phishing Tournament.
Other key data highlights include:
- 67% of clickers (13.4% of overall users) submitted their login credentials, also up substantially from 2019, when just 2% submitted their credentials.
- The Public Sector and Transport domains struggled the most, posting a click rate of 28.4% and submission rate of 24.7%.
- The Education and Finance & Insurance sectors performed considerably better than others, with rates of 11.3% and 14.2%, respectively.
- Users in North America struggled the most with the phishing simulation, posting a 25.5% click rate and an 18% overall credential submission rate. This means a little over 7 out of every 10 clickers compromised their login data.
- Users in Europe exhibited lower click and submission rates of 17% and 11%, respectively.
“The Gone Phishing Tournament results support the need for industry and government to continue on their joint mission of helping to foster a more educated and empowered global society. This commitment will help security leaders globally protect organizations, employees, and citizens against the growing number of social engineering and phishing threats,” said Executive Director of NCSA Kelvin Coleman. “The work being done by Microsoft, Terranova Security, and NCSA is a strong step in building a cyber-aware society.”
“The results are a clear indication that security leaders need to do more, especially when you consider that the event took place during National Cyber Security Awareness Month,” added Theo Zafirakos, CISO at Terranova Security. “It’s a time of year when learning and communication opportunities around phishing tend to be heightened, which means the results showcase the importance of implementing or refining continuous awareness initiatives.”
Source: Terranova Security