A study carried out by cybersecurity firm KnowBe4 earlier in 2018 identified which industries were most likely to fall victim to a successful phishing attack. The survey of 12 industries and services included testing of employees within those sectors at regular intervals to determine their likelihood of succumbing to phishing attempts. In total, six million personnel in approximately 11,000 organizations of various sizes were surveyed, and about 30 percent of those tested in each industry were found to be susceptible to phishing attacks.
The industries studied were divided into 12 categories: Insurance, Manufacturing, Technology, Not for Profit, Retail & Wholesale, Energy & Utilities, Healthcare & Pharma, Education, Business Services, Financial Services, Government, and Other. The sector found least likely to fall for a phishing attempt was Government with approximately 25 percent. The public sector performed a full percentage point better than the next private industry, Financial Services, which stood at 26.3 percent. The worst by far was Insurance with 32.7 percent of employees found to be vulnerable to phishing attempts. It was followed by Manufacturing at 31 percent, Technology at 30.1 percent, Not for Profit at 29.9 percent, and Retail & Wholesale at 28 percent.
The study also found that size had a significant impact on employee phishing readiness. Smaller and medium-sized Insurance businesses performed worse than those with over 1000 employees, with 35 percent, 33 percent, and 29 percent, respectively. Insurance was the only industry to perform consistently badly across the board, but it was still followed closely by Manufacturing and Technology. Not for Profit was the next sector where organizations with under 250 employees were phish-prone, as well as the most likely for organizations with over 1000 personnel to become a victim of an attack. Business Services were the least likely larger organizations to be phishing-prone with just under 20% of employees found to be susceptible, followed closely by Government at 20.8 percent.
Phishing has become one of the most common hacking attacks, and developments over the past few years indicate that hackers are increasing the amount of effort they put into entrapping their targets. Some cybercriminals now devote more time to researching potential phishing victims, especially if they are perceived as having access to something valuable. There are even breach attacks tailored just for executives and other gatekeepers of sensitive corporate information. As the study shows, however, these types of cybercrimes do not affect just commercial businesses, but extend to government agencies and not-for-profit organizations (NPOs), such as religious institutions and consumer protection departments.
If you are in one of these phish-prone industries, or are just worried about phishing in general, then you should look into our Phishing Defender employee security awareness training. We provide testing for your network and training for your employees to help you be prepared for the next inevitable phishing attempt. Check out https://swkmcs.wpengine.com/phishing-defender/ or contact us to learn more.