KnowBe4, provider of the world’s largest security awareness and simulated phishing platform, conducted global research on the likelihood of employees falling victim to phishing or social engineering within companies. KnowBe4 utilized the Phish-prone Percentage (PPP) of organizations to gain insights. The analysis was based on a dataset of over 12.5 million users from 35,681 organizations worldwide, a significant portion of which operate in Europe.
The 2023 Phishing by Industry Benchmarking Report reveals that 32.9% of employees across all sectors in Europe who haven’t undergone security awareness training are likely to click on a suspicious link in an email or respond to a fraudulent request. This represents a three percent increase in the European PPP compared to last year. To measure this percentage, these employees receive simulated phishing emails containing malicious links or infected attachments as part of their training.
The results drastically change when employees undergo security awareness training. 90 days after starting regular training, the average PPP drops to 19.4%. After twelve months of training and simulated phishing, the average PPP decreases to 6.8%. This indicates that newly acquired cyber habits become part of routines, leading to a stronger human firewall and an improved security culture.
“Unfortunately, the European PPP has increased by three percent since last year,” says Jelle Wieringa, Security Awareness Advocate at KnowBe4. “This means there is room for improvement. This year’s report demonstrates the effectiveness of security awareness training and simulated phishing. Educating staff on social engineering is essential for building a robust human firewall, especially in Europe. The rise of hacktivism and the use of AI make it more challenging to detect legitimate threats. Well-trained personnel are key to secure cyber habits and building a strong security culture.”
Ransomware, malware, and social engineering continue to be the most prevalent cyber threats in the region. However, according to the ENISA Threat Landscape 2022, hacktivist activity is increasing. Hacktivism refers to cyber activities driven by religious, political, or moral motivations. The rise of hacktivism in Europe is linked to the conflict between Russia and Ukraine, which has repercussions across societies in the region and involves AI-based cyber attacks.
The 2023 Phishing by Industry Benchmarking Report provides insights into phishing benchmarks from North America, the United Kingdom and Ireland, Europe, Africa, South America, Asia, Australia, and New Zealand.