Warning: 1 in 3 employees are likely to fall for a phishing scam
Cybersecurity training company KnowBe4 reports that the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack.
A new study from cybersecurity training and phishing simulation company KnowBe4 found that one in three untrained users were likely to fall for phishing or social engineering scams.
The average baseline, 31.4%, varied greatly by organization size and industry, with a full half of employees in large energy and utilities companies likely to fall for a phishing or social engineering attack.
Within 90 days of training, KnowBe4 ran another phishing and social engineering test on the 23,400 organizations included in the report and found that the average Phish-prone Percentage (PPP) score had dropped to 16.4%. After one year of ongoing training, that number dropped to just 4.8%. That equates to an average improvement of 84%, the report said.
"Executives should be active participants in all aspects of driving security awareness throughout their organizations, which includes participating in the same security awareness training requirements that the rest of their employees are expected to complete," the report recommends.
It's also essential to define objectives, collect meaningful data and turn that data into usable metrics, simulate phishing attacks, and increase the frequency of training and internal tests to avoid training atrophy, KnowBe4 said.