Phishing emails masquerading as HR and IT-related communications are the most likely to be clicked on by employees, according to a recent study, posing a significant cybersecurity risk to organizations across industries.
The 2024 Phishing by Industry Benchmarking Report, conducted by KnowBe4, analyzed data from over 54 million simulated phishing tests performed on more than 11.9 million users from 55,675 organizations across 19 industries.
Through this report, researchers at KnowBe4 highlighted the ongoing vulnerability of employees to social engineering attacks, particularly those that mimic internal communications.
High Initial Vulnerability: The study found that without proper training, organizations across all industries and sizes faced an average Phish-prone Percentage (PPP) of 34.3%, meaning roughly one in three employees was likely to interact with a malicious email.
Industry-Specific Risks: Healthcare & Pharmaceuticals emerged as one of the most vulnerable sectors, with a PPP of 51.4% for large organizations. Other high-risk industries included Insurance (48.8%) and Energy & Utilities (47.8%).
Size Matters: Larger organizations (1000+ employees) generally showed higher vulnerability, with several industries exceeding a 40% PPP.
The report emphasizes the crucial role of comprehensive security awareness training:
Cybersecurity experts stress the importance of continuous education and testing. “Merely paying lip service to security awareness programs does little to shield an organization from attacks that target human vulnerabilities,” the report states.
To mitigate risks, organizations are advised to:-
However, it is important to note that transforming employee behavior requires persistence; the benefits of a security-aware workforce are invaluable in the face of increasingly sophisticated phishing attempts.
By prioritizing human risk management and encouraging a strong cybersecurity culture, organizations can significantly reduce their vulnerability to phishing attacks and other social engineering threats.