A new study on a worker’s susceptibility to being successfully
phished found those working in the construction industry the most likely to
fall for an attack, however, with the proper training this weakness can be
almost entirely weeded out.KnowBe4’s Phishing by Industry 2019 report looked at 19 industries breaking them down into three categories, small, up to 250 workers; medium, 250-999; and large, 1,000 and more. Those in the construction industry placed first in falling for attacks in small and medium-sized businesses and second place in large corporations where the hospitality industry took first place. Retail/wholesale and insurance rounded out the small business category, while insurance and manufacturing did so for medium-sized businesses. An organizations phish-prone percentage (PPP) indicates how many of their employees are likely to fall for a social engineering or phishing scam.
Overall, 2019 was not a good year with the overall PPP
rising 2.6 percent to 29.6 percentHowever, once training began the percent of a company’s workers
likely to fall for a phishing scam dropped dramatically.In the construction category after 90 days of combined computer-based
training and simulated phishing security testing the PPP numbers fell to 16.8 percent,
small; 19.7 percent, medium; and 15 percent for large companies. After 12
months of such training the PPP fell further to 1.8 percent, 3.1 percent and
7.9 percent, KnowBe4 reported.“It’s interesting (and maybe scary) to see that no
organization does well without training. Industries such as energy and
utilities were over 30 percent and so were technology vendors and other technology-based
companies. Not-for-profit organizations also ranked over 30 percent and
insurance and manufacturing organizations exceeded 35 percent. Even smaller
organizations in industries that typically require more regulatory oversight
and requirements fared badly,” the report said.KnowBe4 said the study analyzed a data set that included
nearly nine million users across 18,000 organizations with over 20 million
simulated phishing security tests across nineteen different industries.