90 Phishing Statistics You Need to Know Now (Infographic)
97% of people around the world are unable to identify a phishing email. ( dashlane )
A cyber-attack happens every 39 seconds. ( University of Maryland )
27% of data breaches are caused by human error. ( IBM )
12% of users who opened a phishing email clicked on the infected link or attachment. ( Verizon )
22% of data breaches involve the use of stolen credentials. ( Verizon )
The average email user receives an average of 16 phishing emails per month. ( Alert Logic )
30% of phishing messages are opened. ( Slack )
32% of data breaches involves phishing activity. ( Verizon )
“Attached Invoice” is one of the top phishing lures. ( SpamTitan )
Phishing emails are responsible for 94% of ransomware. ( TrendMicro )
Nearly 1.5 million phishing sites are created each month. ( dashlane )
64% of organizations have experienced a phishing attack in the last year. ( Checkpoint )
The finance industry faced 59% of phishing attacks in America. ( NTT Security )
82% of manufacturers have experienced a phishing attack in the last year. ( Checkpoint )
36% of all phishing attacks were directed towards SaaS and webmail services. ( APWG )
Email is the #1 delivery model for malware. ( Alert Logic )
“Employee Benefits” phishing emails have had a 39% open rate. ( Cofense )
“Mold Found in Office” phishing emails have had a 24% open rate. ( Cofense )
“Corporate Voicemail from Unknown Caller” phishing templates have had an 86% interaction rate. ( Wombat Security )
86% of all phishing attacks target US entities. ( Phish Lab )
The average time to identify a data breach across all industries is 197 days. ( IBM )
The average time to contain a data breach across all industries is 69 days. ( IBM )
An average of 49.6 days goes by between a data breach discovery and the incident being reported. ( Risk Based Security )
Companies that contained a data breach within 30 days saved themselves more than $1 million, in comparison with companies that took over 30 days. ( IBM )
Cybercriminals stole over $12 billion from businesses within a five year span. ( FBI )
In companies with over 50K compromised records, the average cost of a data breach is $6.3 million. ( Ponemon Institute )
Cybercriminal’s revenue is $1.5 trillion per year. ( Bromium )
23% of Americans are cybercrime victims. ( Gallup )
Business email compromises cost American companies $12.5 billion per year. ( FBI )
56% of phishing sites are hosted in America. ( Phishing Labs )
70% of cryptocurrency transactions are being used for illegal activity. ( Cybersecurity Almanac )
Financial damage from cybercrimes has nearly doubled in the last 5 years. ( Cybersecurity Ventures )
Damage related to cybercrime is projected to hit $6 trillion annually by next year. ( Cybersecurity Ventures )
70% of American Employees don’t understand cybersecurity. ( The SSL Store )
64% of businesses measure the cost of phishing through loss of productivity for employees. ( Wombat Security )
Phishing email compromises cost businesses an average of $132,000 per email. ( TrendMicro )
On average, only 2% of a company’s IT budget is used for cybersecurity. ( ZNet )
Phishing scams often target users with fake updates from Adobe, Java, or Microsoft. ( Wombat Security )
Fake invoices are used in 26% of phishing scams. ( Symantec )
The most effective phishing scams target Dropbox credentials. ( ProofPoint )
68% of businesses don’t have cybersecurity insurance. ( Cisco )
68% of businesses don’t have a disaster recovery plan in place. ( Nationwide )
68% of businesses store email addresses. ( CSID )
64% of businesses store phone numbers. ( CSID )
Apple IDs are the most popular target of phishing emails. ( ProofPoint )
DocuSign phishing lures generally garner the highest click rate. ( ProofPoint )
The average cost of a stolen record from a business is $150. ( IBM )
A successful cyberattack costs an average of $301 per employee. ( Ponemon Institute )
Companies which ran 11 or more training sessions oh phishing awareness reduced their email click-through rate by 13%. ( F5 )
In 2018 Google and Facebook lost $100 million as a result of an email phishing scheme. ( Inc. )
In 2017, a Gmail phishing scam targeted 1 billion users worldwide. ( dashlane )
43% of all breaches included social media tactics. ( Verizon )
93% of social media attacks were related to phish ing. ( Verizon )
The top 3 companies targeted by phishers were Facebook, Microsoft, and PayPal. ( Kaspersky )
Phishing is the third most common type of scam reported to the FBI, regardless of company size, industry, or location. ( FBI )
The average cost of a data breach is $3.92 million. ( IBM )
Phishing attacks are the root cause of 48% of data breaches. ( F5 )
Extensive use of IoT devices increased the cost of a compromised record by $5. ( IBM )
The larger a data breach is, the less likely an organization will have another breach within two years. ( IBM )
38% of successful phishing attacks against businesses resulted in compromised accounts. ( Wombat Security )
88% of companies with more than 1 million folders don’t limit access to them. ( Varonis )
66% of malware is installed from malicious email attachments. ( Verizon )
48% of malicious email attachments are Microsoft Office files. ( Symantec )
Of the companies that report having password rules, fewer than 25% require mandatory password changes. ( TechRepublic )
28% of phishing attacks are targeted. ( Verizon )
Spam email that mention the hottest topics and world news agenda are a constant feature of phishing emails. ( Kaspersky )
41% of companies allow employees to access more than 1,000 sensitive files. ( Varonis )
65% of the companies surveyed don’t have an encryption strategy or plan in place. ( Ponemon Institute )
15% of companies found over 1 million files open to every employee. ( Varonis )
45% of businesses report to have consequences in place for employees who click on a phishing email. ( Wombat Security )
Only 38% of small businesses reported to regularly upgrade their software solutions. ( CSID )
Organizations with less than 250 employees have the highest targeted malicious email rate. ( Symantec)
71% of users over the age of 55 know what phishing is, compared to only 61% of their younger peers. ( Wombat Security )
56% of IT Decision makers believe phishing attacks are their top security threat. ( CSO )
54% of businesses store billing addresses. ( CSID )
Only 22% of small businesses report to encrypt their databases. ( CSID )
6% of malicious mailshots target American companies. ( Kaspersky )
13% of spam originates from America. ( Kaspersky )
Only 33% of American companies are looking to adopt automated email analysis to counter phishing attacks. ( Teiss )
GoDaddy is the #1 registrar of phishing domains. ( APWG )
A data breach with a lifecycle under 200 days costs $1.2 million less than those over 200 days. ( IBM )
58% of phishing sites used SSL certificates. ( APWG )
32% of American companies have failed to implement proper SSL/TLS encryption. ( High-Tech Bridge )
61% of companies have over 500 accounts with non-expiring passwords. ( Varonis )
Up to 1 million Emote Trojan phishing emails are sent per day. ( ProofPoint )
71.4 % of targeted attacks involved the use of spear-phishing emails. ( Symantec )
Many phishing sites are one-time-use URLs, created automatically by phishing scammers to allow one-time use by victims. ( APWG )
67% of people polled were unfamiliar with what text message phishing, or smishing, actually is. ( Wombat Security )
In Q1 of 2018, anti-phishing systems prevented more than 137 million redirects to phishing sites. ( Kaspersky Lab )
Only 14% of small businesses rate their ability to mitigate a cyberattack as highly effective. ( Small Business Trends )
For help with your IT systems, or cybersecurity assistance contact us today.
