Jump to content
Sign in to follow this  
MainSpring

Tackling cybercrime with computer-based training

Recommended Posts

MainSpring
BaselinePPPbyIndustry.png

It’s no secret that cybercrime is a lucrative business; Cybersecurity Ventures reports that it’s estimated to cost the world $6 trillion in damages by 2021. What’s more, ransomware alone is a multi-billion-dollar business. According to Verizon’s 2019 Data Breach Investigation Report, phishing is the number one threat used in successful breaches.

Cybercriminals prey on organizations using tricky phishing and social engineering tactics (mostly via email), and they rely on an employee’s naivete for success. An employee’s susceptibility to these attacks is referred to as their phish-prone percentage (PPP).

Baseline phish-prone percentage by industry

In an effort to understand the depth of vulnerability, KnowBe4 conducted research using a baseline phishing test for organizations varying in size and across multiple industries. Below are the results they found, sorted by industry and size:

Industry 1-249 employees 250-999 employees 1000+ employees
Banking 29.3 31.3 25.7
Business Services 34.5 31.7 27.9
Construction 37.9 37.1 36.7
Consulting 29.2 31.9 24.2
Consumer services 26.3 33.3 23
Education 33.6 31.4 28.2
Energy & Utilities 34.8 32 34.4
Financial Services 31.1 31.7 29.1
Government 34.7 29.8 23.5
Healthcare & Pharmaceuticals 33.1 32.9 27.6
Hospitality 34 23.6 48.4
Insurance 36.4 34.9 31.2
Legal 32.2 29.6 32.7
Manufacturing 36.1 34.1 30.9
Not-For-Profit 35.4 32.3 30.1
Other 31 29.2 22.4
Retail & Wholesale 36.7 32.9 26.4
Technology 34.3 31.3 31.4
Transportation 33.5 33.7 16.4
After90daysPPPbyIndustry.png

Overall, KnowBe4 found that the initial baseline PPP average across all industries and sizes was an overwhelming 30%. This means that one in every three employees was susceptible to a phishing attack that could potentially shut down operations at an organization and cost thousands of dollars to recover.

Computer-based training (CBT) impact on phish-prone percentage (PPP)

After the baseline testing was completed, KnowBe4 took the same sample of organizations and enrolled the employees in computer-based training (CBT) for 90 days.

The results proved to be astounding:

Industry 1-249 employees 250-999 employees 1000+ employees
Banking 9.7 12 16.4
Business Services 15.9 13.3 21.3
Construction 16.8 19.7 15
Consulting 13 13.7 4.1
Consumer services 16.1 16.5 15.4
Education 18.6 20.9 19.3
Energy & Utilities 13.9 16 13
Financial Services 12.6 13.2 16.4
Government 14.5 14.9 10.8
Healthcare & Pharmaceuticals 17.8 14.8 19
Hospitality 26.5 14.3 0*
Insurance 15.5 16 15.3
Legal 15.6 11.4 3.8
Manufacturing 16.5 15.9 14.6
Not-For-Profit 16.3 16.5 16.4
Other 16.3 19.7 13.7
Retail & Wholesale 15.6 13.3 15.8
Technology 16.9 16.9 17.2
Transportation 12.1 19.6 15.8

(*data set too low)

AvgImprovementPPPRates.png

KnowBe4 found that with just 90 days of CBT, organizations (on average) were able to cut their PPP in half.

Security awareness training with great ROI

The results of the KnowBe4 Phishing Industry Benchmarking report clearly demonstrate the benefits of investing in a more modern security awareness training platform, with the 12-month results showing an impressive 92% average improvement rate for various organization sizes across industries.

Want to see how your organization stacks up with your industry?

If you’d like to see how your organization stacks up against your industry’s average PPP score, reach out today and schedule your baseline phishing test!

Find out how your  organization stacks up »

View the full article

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  



×
×
  • Create New...

Important Information

Terms of Use