Security firm Proofpoint just released their 2023 “State of the Phish” report. The data is based on surveys to 7,500 working adults, 1,050 IT and security professionals, 135 million simulated phishing attacks and 18 Million emails reported by their clients as phishing.

Poor performance on definitions:

• 70% of consumers could not define Vishing (Voice phishing)

• 71% could not define Smishing (Text based phishing)

• 31% were not able to define malware

• 60% unable to define Ransomware

• 42% couldn’t define Phishing

Poor performance on common email security fundamentals :

• 21% of users don’t know that an email can appear to be from someone other than the sender

• 44% of users don’t know that a familiar brand doesn’t make the email safe

• 63% of users don’t know that an email link text might not match the website it goes to

• 11% of recipients fell for phishing simulations mentioning “DocuSign document for review” and “FedEx delivery failure”

Password challenges

• 28% of users reuse passwords for multiple work-related accounts

Scope of the problem

• 34% of users did something in 2022 that put themselves or their organizations at risk

• 84% of organizations faced at least one successful phishing attack

• 54% faced three or more successful phishing attacks

• 35% of organizations say they conduct phishing simulations.

Hopefully your organization is doing better than this data would suggest. Unfortunately, it’s doubtful your clients would score this well.

If awareness is a first step in addressing a problem, it appears we may have a long road ahead of us.

Source: Proofpoint

Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.