Phishing Risk in Industry Comparison
Who is most vulnerable?
Ranking according to industry:

*Benchmarking Report 2022 from KnowBe4
The results of a benchmarking report from 2022 show what companies, institutions and organizations should already be well aware of: without effective employee training, companies are inadequately prepared for the increase in cybercrime and are significantly more susceptible to social engineering attacks.
Statistically, initial phishing susceptibility, regardless of industry or number of employees, averaged 32.4%, indicating the risk of employees falling for a phishing attempt. Companies of all industries and sizes need to better educate employees on how to recognize phishing and the common social engineering tactics used by cybercriminals in order to establish a sustainable security culture.
For 1-249 employees, the education sector enters 2022 with a PPP (Phish-prone™ Percentage; the PPP indicates how many employees are likely to fall for a social engineering or phishing attempt) of 32.7%. This is the highest value and represents only a slight improvement on 2021. This is followed by healthcare and pharmaceuticals with a PPP of 32.5%. With the lowest PPP of 31.5%, wholesale and retail displaces non-profit organizations from this position.
For 250-999 employees, the same sectors as in 2021 occupy the top three places. There was no change in the hotel and catering industry with a PPP of 39.4% compared to 2021. Energy and utilities and healthcare and pharmaceuticals have swapped positions. The healthcare and pharmaceuticals sector has a PPP of 36.6%, followed by energy and utilities with a PPP of 34%. It is striking that the PPP of all three sectors has improved compared to the 2021 figure. However, they are still the sectors with the greatest risk.
With more than 1,000 employees, energy and utilities was displaced from the top position by the insurance industry (in second place in 2021) with a PPP of 52.3%. The consulting sector is new to the ranking and follows with a PPP of 52.2%. The energy and utilities sector has the lowest value in the group with a PPP of 50.9%. The banking sector is no longer represented in the top three positions in 2022.
The winner in the group with 1-249 employees was the banking sector with a PPP of 25.4%. In the medium-sized group, this was the public authorities with a PPP of 26.4% and in the large companies, institutions and organizations, the hotel and catering industry with a PPP of 20.4%. Although these are the lowest figures in the study, the results clearly indicate that untrained users are still particularly vulnerable to phishing attacks.
Average improvement rate
by industry and number of employees
Statistically speaking, however, there is also promising news. After just one year of ongoing security awareness training and regular simulated phishing tests, the average vulnerability of employees at companies of all sizes and from all industries has been significantly reduced by 84%.
Increase the security awareness of your employees and create a sustainable security culture.