90 Phishing Statistics You Need to Know Now (Infographic)

90 Phishing Statistics You Need to Know Now

97% of people around the world are unable to identify a phishing email. ( dashlane )

A cyber-attack happens every 39 seconds. ( University of Maryland )

27% of data breaches are caused by human error. ( IBM )

12% of users who opened a phishing email clicked on the infected link or attachment. ( Verizon )

22% of data breaches involve the use of stolen credentials. ( Verizon )

The average email user receives an average of 16 phishing emails per month. ( Alert Logic )

30% of phishing messages are opened. ( Slack )

32% of data breaches involves phishing activity. ( Verizon )

“Attached Invoice” is one of the top phishing lures. ( SpamTitan )

Phishing emails are responsible for 94% of ransomware. ( TrendMicro )

 

Nearly 1.5 million phishing sites are created each month. ( dashlane )

64% of organizations have experienced a phishing attack in the last year. ( Checkpoint )

The finance industry faced 59% of phishing attacks in America. ( NTT Security )

82% of manufacturers have experienced a phishing attack in the last year. ( Checkpoint )

36% of all phishing attacks were directed towards SaaS and webmail services. ( APWG )

Email is the #1 delivery model for malware. ( Alert Logic )

“Employee Benefits” phishing emails have had a 39% open rate. ( Cofense )

“Mold Found in Office” phishing emails have had a 24% open rate. ( Cofense )

“Corporate Voicemail from Unknown Caller” phishing templates have had an 86% interaction rate. ( Wombat Security )

86% of all phishing attacks target US entities. ( Phish Lab )

 

The average time to identify a data breach across all industries is 197 days. ( IBM )

The average time to contain a data breach across all industries is 69 days. ( IBM )

An average of 49.6 days goes by between a data breach discovery and the incident being reported. ( Risk Based Security )

Companies that contained a data breach within 30 days saved themselves more than $1 million, in comparison with companies that took over 30 days. ( IBM )

Cybercriminals stole over $12 billion from businesses within a five year span. ( FBI )

In companies with over 50K compromised records, the average cost of a data breach is $6.3 million. ( Ponemon Institute )

Cybercriminal’s revenue is $1.5 trillion per year. ( Bromium )

23% of Americans are cybercrime victims. ( Gallup )

Business email compromises cost American companies $12.5 billion per year. ( FBI )

56% of phishing sites are hosted in America. ( Phishing Labs )

 

70% of cryptocurrency transactions are being used for illegal activity. ( Cybersecurity Almanac )

Financial damage from cybercrimes has nearly doubled in the last 5 years. ( Cybersecurity Ventures )

Damage related to cybercrime is projected to hit $6 trillion annually by next year. ( Cybersecurity Ventures )

70% of American Employees don’t understand cybersecurity. ( The SSL Store )

64% of businesses measure the cost of phishing through loss of productivity for employees. ( Wombat Security )

Phishing email compromises cost businesses an average of $132,000 per email. ( TrendMicro )

On average, only 2% of a company’s IT budget is used for cybersecurity. ( ZNet )

Phishing scams often target users with fake updates from Adobe, Java, or Microsoft. ( Wombat Security )

Fake invoices are used in 26% of phishing scams. ( Symantec )

The most effective phishing scams target Dropbox credentials. ( ProofPoint )

 

68% of businesses don’t have cybersecurity insurance. ( Cisco )

68% of businesses don’t have a disaster recovery plan in place. ( Nationwide )

68% of businesses store email addresses. ( CSID )

64% of businesses store phone numbers. ( CSID )

Apple IDs are the most popular target of phishing emails. ( ProofPoint )

DocuSign phishing lures generally garner the highest click rate. ( ProofPoint )

The average cost of a stolen record from a business is $150. ( IBM )

A successful cyberattack costs an average of $301 per employee. ( Ponemon Institute )

Companies which ran 11 or more training sessions oh phishing awareness reduced their email click-through rate by 13%. ( F5 )

In 2018 Google and Facebook lost $100 million as a result of an email phishing scheme. ( Inc. )

 

In 2017, a Gmail phishing scam targeted 1 billion users worldwide. ( dashlane )

43% of all breaches included social media tactics. ( Verizon )

93% of social media attacks were related to phish ing. ( Verizon )

The top 3 companies targeted by phishers were Facebook, Microsoft, and PayPal. ( Kaspersky )

Phishing is the third most common type of scam reported to the FBI, regardless of company size, industry, or location. ( FBI )

The average cost of a data breach is $3.92 million. ( IBM )

Phishing attacks are the root cause of 48% of data breaches. ( F5 )

Extensive use of IoT devices increased the cost of a compromised record by $5. ( IBM )

The larger a data breach is, the less likely an organization will have another breach within two years. ( IBM )

38% of successful phishing attacks against businesses resulted in compromised accounts. ( Wombat Security )

 

88% of companies with more than 1 million folders don’t limit access to them. ( Varonis )

66% of malware is installed from malicious email attachments. ( Verizon )

48% of malicious email attachments are Microsoft Office files. ( Symantec )

Of the companies that report having password rules, fewer than 25% require mandatory password changes. ( TechRepublic )

28% of phishing attacks are targeted. ( Verizon )

Spam email that mention the hottest topics and world news agenda are a constant feature of phishing emails. ( Kaspersky )

41% of companies allow employees to access more than 1,000 sensitive files. ( Varonis )

65% of the companies surveyed don’t have an encryption strategy or plan in place. ( Ponemon Institute )

15% of companies found over 1 million files open to every employee. ( Varonis )

45% of businesses report to have consequences in place for employees who click on a phishing email. ( Wombat Security )

 

Only 38% of small businesses reported to regularly upgrade their software solutions. ( CSID )

Organizations with less than 250 employees have the highest targeted malicious email rate. ( Symantec)

71% of users over the age of 55 know what phishing is, compared to only 61% of their younger peers. ( Wombat Security )

56% of IT Decision makers believe phishing attacks are their top security threat. ( CSO )

54% of businesses store billing addresses. ( CSID )

Only 22% of small businesses report to encrypt their databases. ( CSID )

6% of malicious mailshots target American companies. ( Kaspersky )

13% of spam originates from America. ( Kaspersky )

Only 33% of American companies are looking to adopt automated email analysis to counter phishing attacks. ( Teiss )

GoDaddy is the #1 registrar of phishing domains. ( APWG )

A data breach with a lifecycle under 200 days costs $1.2 million less than those over 200 days. ( IBM )

 

58% of phishing sites used SSL certificates. ( APWG )

32% of American companies have failed to implement proper SSL/TLS encryption. ( High-Tech Bridge )

61% of companies have over 500 accounts with non-expiring passwords. ( Varonis )

Up to 1 million Emote Trojan phishing emails are sent per day. ( ProofPoint )

71.4 % of targeted attacks involved the use of spear-phishing emails. ( Symantec )

Many phishing sites are one-time-use URLs, created automatically by phishing scammers to allow one-time use by victims. ( APWG )

67% of people polled were unfamiliar with what text message phishing, or smishing, actually is. ( Wombat Security )

In Q1 of 2018, anti-phishing systems prevented more than 137 million redirects to phishing sites. ( Kaspersky Lab )

Only 14% of small businesses rate their ability to mitigate a cyberattack as highly effective. ( Small Business Trends )

 

For help with your IT systems, or cybersecurity assistance contact us today.

Tags: ,