The results in the latest version of the Phishing Benchmark Global Report underscore the need for all organizations, regardless of size, industry, or geographic location, to implement both an ongoing security awareness training program and consistent, up-to-date phishing simulations to strengthen their data protection infrastructure.
The results outlined in the Phishing Benchmark Global Report come at the tail end of what has been a tumultuous year for businesses worldwide. The global COVID-19 pandemic resulted in many organizations changing how they work and featured a spike in remote or remote-hybrid workforce adoption. However, distributed virtual offices have lessened the effect of technical data protection measures and consequently put employees’ ability to successfully detect and avoid phishing threats under a microscope.
“This year’s report illustrates the growing need for security awareness training initiatives that utilize real-world phishing simulations as a practical educational tool,” said author and Terranova Security CEO Lise Lapointe. “Organizations must take these phishing benchmarking results seriously and take the necessary steps to ensure every user has the knowledge needed to safeguard against the latest and most complex cyber threats.”
This year’s Gone Phishing Tournament, which took place over 11 days in October 2020 to coincide with National Cyber Security Awareness Month, welcomed 57% more participating organizations than in 2019 and boasted a 90% increase in participating end users. The 2020 event also benefited from an extended global reach, with users completing the simulation in 98 different countries.
2020 Phishing Benchmark Global Report: Key Results
The results from the 2020 Gone Phishing Tournament underscored the potential consequences of a lack of phishing awareness. The data shows that nearly 20% of employees are still quick to click on phishing email links, a significant increase from the 11% posted during the 2019 Gone Phishing Tournament.
Other key data highlights include:
- 67% of clickers (13.4% of overall users) submitting their login credentials, also up substantially from 2019, when just 2% submitted their credentials
- The Public Sector and Transport domains struggled the most, posting a click rate of 28.4% and submission rate of 24.7%.
- The Education and Finance & Insurance sectors performed considerably better than others, with rates of 11.3% and 14.2%, respectively.
- Users in North America struggled the most with the phishing simulation, posting a 25.5% click rate and an 18% overall credential submission rate. This means a little over 7 out of every 10 clickers compromised their login data.
- Users in Europe exhibited lower click and submission rates of 17% and 11%, respectively.
“The Gone Phishing Tournament results support the need for industry and government to continue on their joint mission of helping to foster a more educated and empowered global society. This commitment will help security leaders globally protect organizations, employees, and citizens against the growing number of social engineering and phishing threats,” said Executive Director of NCSA Kelvin Coleman. “The work being done by Microsoft, Terranova Security, and NCSA is a strong step in building a cyber-aware society.”
“The results are a clear indication that security leaders need to do more, especially when you consider that the event took place during National Cyber Security Awareness Month,” added Theo Zafirakos, CISO at Terranova Security. “It’s a time of year when learning and communication opportunities around phishing tend to be heightened, which means the results showcase the importance of implementing or refining continuous awareness initiatives.”
2020 Phishing Benchmark Global Report: Methodology
The phishing simulation email and web page templates used during the 2020 Gone Phishing Tournament were supplied by co-sponsor Microsoft. They reflected a real-world scenario that any user, especially those working remotely, may encounter in their daily lives.
Selected by the Terranova Security leadership team, the template measured several end user phishing behaviors, including clicking on a suspicious email link and submitting data using a webpage form. The template’s difficulty level was also increased compared to the 2019 simulation and was rated medium-high for complexity by the Terranova Security team.
Supported in 12 different languages, all participating users received the same phishing simulation over the same 11-day period, ensuring the data depicted in the Phishing Benchmark Global Report portrayed an accurate, apples-to-apples analysis of organizational performance.
Download the 2020 Phishing Benchmark Global Report to get all the results and facts from the latest edition of the Gone Phishing Tournament.
About Terranova Security
Terranova Security is a global security awareness training leader selected by Microsoft as their partner of choice to bring the best in security awareness training content to customers. Successful Terranova Security awareness programs and phishing simulations have provided organizations around the world with the highest-quality content, most multilingual security awareness platform, training and communications portfolio and intuitive phishing simulator in the industry. Organizations continue to leverage the Terranova Security awareness 5-step framework, which provides an evidence-based, step-by-step approach to a successful security awareness program. Terranova Security is working with organizations and security awareness teams worldwide to design programs that drastically reduce the human risk factor to effectively counter all cyber attacks. Learn more at terranovasecurity.com.
LEGAL NOTICES
Copyright © 2020 Terranova WW Corporation, Inc. All Rights Reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
SOURCE Terranova Security