Globally 1 in 5 Employees Fail Global Phishing Test: Terranova Security

The new edition of the Terranova Security Phishing Benchmark Global Report, drawing on results from the 2021 Gone Phishing TournamentTM, reveals that overall end user click rates remained high in the face of this year’s phishing simulation. It also details the rise in the number of users who would’ve compromised their devices with malware had the phishing simulation not been a safe testing environment. 

The 2021 Phishing Benchmark Global Report results emphasize the growing need for all organizations to address the human element of cyber security by implementing engaging, informative security awareness training programs that leverage real-world phishing simulations to change the right end user behaviors. 

These revelations come at the end of a year where digital transformation accelerated at many workplaces worldwide. The widespread adoption of remote or hybrid work cultures and related technologies enhanced collaboration and productivity, but it also meant cyber security awareness levels were tested much more frequently and with increasingly complex cyber threats. 

The 2021 Gone Phishing Tournament took place over two weeks in October 2021 to coincide with Cybersecurity Awareness Month. In all, close to 1 million phishing simulation emails in 20 different languages were sent to end users during this stretch. 

2021 Phishing Benchmark Global Report: Key Results 

The 2021 Gone Phishing Tournament revealed that, in general, a significant portion of end users are still inclined to click on phishing email links and, in the case of this year’s simulation template, download malicious file attachments when prompted.  

Nearly one in every five end users (19.8%) who received the phishing simulation email clicked on the initial message’s phishing link, which is on par with the 2020 edition of the event. In total, 14.4% of all end users failed to recognize the simulation’s resulting webpage as unsafe and clicked on the malicious file’s download link. 

These realities mean that the number of initial clickers who ended up downloading the phishing simulation’s webpage file exceeded 70%, representing an increase of nearly three percentage points from the previous year. 

Other key data highlights from the third edition of this event include: 

  • When it came to downloading the malware document, North America fared best as a region (11.8%), while Europe took the runner-up slot (14.9). The Asia Pacific region finished with the highest malware download rate. 
  • For click rates by industry, Education, Finance and Insurance, and Information Technology exhibited the highest totals, all scoring over 25%. Meanwhile, Healthcare, Transport, and Retail all kept their click rates under 10%. 
  • Information Technology had the highest click-to-download ratio across all industries, with 84% of those who clicked on the initial phishing link eventually downloading the malware file. 

2021 Phishing Benchmark Global Report: Methodology 

This year’s email and webpage templates were supplied by Microsoft and reflected a real-world scenario all end users may encounter in their daily lives. The template’s scenario, selected by the Terranova Security leadership team, measured several end user phishing behaviors, including clicking on a link in the body of a phishing email and delivering malware in a downloadable file through a phishing webpage. 

The email and webpage spoofed the Microsoft SharePoint interface for an authentic look and feel. The email message even included instructions on how to download the file, which further enticed the end user to complete the action once they landed on the webpage. These decisions were made to give recipients a realistic sample of the increasingly complex nature of current phishing threats affecting professionals across many different industries. 

End users who clicked on the webpage link to download the malware file were met with a feedback page that offered a powerful learning moment. It pointed out warning signs the user may have missed during the simulation and highlighted best practices to keep in mind moving forward, giving them the tools needed to detect and avoid future threats consistently. 

Download the 2021 Phishing Benchmark Global Report to get all the results and facts from the latest edition of the Gone Phishing Tournament. 

Leave a Reply

%d bloggers like this: