Each year, Terranova Security in Canada runs a Gone Phishing Tournament. The tournament simulates a real-world phishing attack. Co-created with Microsoft’s data, the phishing test was distributed to hundreds of companies and thousands of employees in 98 countries. It’s no surprise that as phishing emails become more elaborate, the clickthrough rate in 2020 is higher than that of 2019.
“This year’s report illustrates the growing need for security awareness training initiatives that utilize real-world phishing simulations as a practical educational tool. Organizations must take these phishing benchmarking results seriously and take the necessary steps to ensure every user has the knowledge needed to safeguard against the latest and most complex cyber threats.”Terranova Security CEO Lise Lapointe
Some key findings include:
- 67% of clickers (13.4% of overall users) submitting their login credentials, also up substantially from 2019, when just 2% submitted their credentials.
- The Public Sector and Transportation sectors struggled the most, posting a click rate of 28.4%.
- The Education and Finance & Insurance sectors performed considerably better than others, with click rates of 11.3% and 14.2%, respectively.
- Users in North America struggled the most with the phishing simulation, posting a 25.5% click rate and an 18% overall credential submission rate. This means that a little over 7 out of every 10 clickers willingly compromised their login data.
- Users in Europe exhibited lower click and submission rates of 17% and 11%, respectively.
Phishing emails can take many different forms. When it comes to the workplace, a lot of them seem to be an account statement, which, of course, entices people to click on them. Rule of thumb: if you’re not expecting it, something doesn’t feel right, or a company you’ve already paid is requesting payment, email or call them to verify if they’ve sent something.
If you’re interested in reading more, you can get a complimentary copy of the 2020 Phishing Benchmark Global Report from Terranova Security.