Phishing Facts
Information security statistics every business should know.
Information security is paramount for all businesses, and phishing poses a serious threat. Below are some interesting phishing facts to support the need to address the phishing threat vector. To make it easier to spread the word, we added a Tweet button for each phishing fact. Please share these information security facts with others.
Interesting Phishing Facts | Phishing Fact Source | Share |
| Phishing is involved in 36% of breaches | Verizon Data Breach Report (DBIR) 2021 | |
| The median loss of a Business Email Compromise was $30,000 | Verizon Data Breach Report (DBIR) 2021 | |
| 95% of Business Email Compromise losses were between $250 and $984,855 | Verizon Data Breach Report (DBIR) 2021 | |
| 85 percent of breaches involved the human element | Verizon Data Breach Report (DBIR) 2021 | |
| 35% of breaches in North America involved social engineering | Verizon Data Breach Report (DBIR) 2021 | |
| 70% of breaches in Asia Pacific involved social engineering | Verizon Data Breach Report (DBIR) 2021 | |
| Social Engineering pattern was responsible for over 69% of breaches within Public Administration sector | Verizon Data Breach Report (DBIR) 2021 | |
| Almost 100 percent of social attacks in the Public Administration sector involved phishing | Verizon Data Breach Report (DBIR) 2021 | |
| Social Engineering accounts for 86% of the breaches within Mining, Quarrying, and Oil & Gas Extraction, and Utilities industry | Verizon Data Breach Report (DBIR) 2021 | |
| Within the manufacturing industry, over 75 percent of social engineering attacks involved phishing | Verizon Data Breach Report (DBIR) 2021 | |
| 67% of breaches can be attributed to human risk: credential threat, errors, and social attacks | Verizon Data Breach Report (DBIR) 2020 | |
| 46% of organizations received malware via email | Verizon Data Breach Report (DBIR) 2020 | |
| 96% or social attacks arrive via email | Verizon Data Breach Report (DBIR) 2020 | |
| 86% of breaches were financially motivated | Verizon Data Breach Report (DBIR) 2020 | |
| 28% of breaches involved small businesses | Verizon Data Breach Report (DBIR) 2020 | |
| 27% of malware incidents involved Ransomware | Verizon Data Breach Report (DBIR) 2020 | |
| 22% of breaches involve social attacks | Verizon Data Breach Report (DBIR) 2020 | |
| Business E-mail Compromise (BEC) schemes resulted in an annual loss of approximately $1.8 billion for U.S. consumers and businesses | 2020 FBI IC3 Report | |
| Phishing scams resulted in an annual loss of over $54 million for U.S. consumers and businesses | 2020 FBI IC3 Report | |
| 33% of breaches included social attacks | Verizon Data Breach Investigations Report (DBIR) 2019 | |
| 65% of attacker groups used spear phishing as the primary infection vector | Symantec Internet Security Threat Report (ISTR) 2019 | |
| 29% of breaches involved use of stolen credentials | Verizon Data Breach Investigations Report (DBIR) 2019 | |
| 48% of malicious email attachments are Office files | Symantec Internet Security Threat Report (ISTR) 2019 | |
| 94% of malware was delivered via email | Verizon Data Breach Investigations Report (DBIR) 2019 | |
| 32% of breaches involve phishing | Verizon Data Breach Investigations Report (DBIR) 2019 | |
| 64% of organizations have experienced a phishing attack in the past year | Check Point Research Security Report 2018 | |
| 22% of organizations see phishing as their greatest security threat | EY Global Information Security Survey 2018 | |
| 77% of IT professionals feel their security teams are unprepared for today’s cybersecurity challenges | Check Point Research Security Report 2018 | |
| 34% of organizations see careless or unaware employees as a vulnerability | EY Global Information Security Survey 2018 | |
| 59% of phishing attacks in the Americas relate to finance | NTT Security Global Threat Intelligence Report 2018 | |
| 85% of organizations say their security reporting does not meet their expectations | EY Global Information Security Survey 2018 | |
| 59% of companies consider ransomware to be their biggest threat | Check Point Research Security Report 2018 | |
| 70% of breaches associated with a nation-state or state-affiliated actors involved phishing | Verizon Data Breach Investigations Report (DBIR) 2018 | |
| 71.4% of targeted attacks involved the use of spear-phishing emails | Symantec Internet Security Threat Report 2018 | |
| 66% of malware is installed via malicious email attachments | Verizon Data Breach Investigations Report (DBIR) 2017 | |
| 49% of non-point-of-sale malware was installed via malicious email | Verizon Data Breach Investigations Report (DBIR) 2018 | |
| 43% of all breaches included social tactics | Verizon Data Breach Investigations Report (DBIR) 2017 | |
| 93% of social attacks were phishing related | Verizon Data Breach Investigations Report (DBIR) 2017 | |
| 64% of organizations have experienced a phishing attack in the past year | Check Point Research Security Report - 2018 | |
| 28% of phishing attacks are targeted | Verizon Data Breach Investigations Report (DBIR) 2017 | |
| 21% of ransomware involved social actions, such as phishing | Verizon Data Breach Investigations Report (DBIR) 2017 | |
| Finance faced 59% of phishing attacks in the Americas. | NTT Security - Global Threat Intelligence Report 2018 | |
| 74% of cyber-espionage actions within the public sector involved phishing | Verizon Data Breach Investigations Report (DBIR) 2018 | |
| 82% of manufacturers have experienced a phishing attack in the past year | Check Point Research Security Report 2018 | |
| 17% of breaches were social attacks | Verizon Data Breach Investigations Report (DBIR) 2018 | |
| 90% of incidences and breaches included a phishing element | Verizon Data Breach Investigations Report (DBIR) 2017 | |
| In 2016, 89% of all attacks involve financial or espionage motivations. | Verizon Data Breach Investigations Report (DBIR) 2016 | |
| 30% of phishing messages were opened in 2016 – up from 23% in the 2015 report. | Verizon Data Breach Investigations Report (DBIR) 2016 | |
| 95% of breaches and 86% of security incidents fall into nine patterns. | Verizon Data Breach Investigations Report (DBIR) 2016 | |
| 70% of cyber attacks use a combination of phishing and hacking. | Verizon Data Breach Investigations Report (DBIR) 2016 | |
| 63% of confirmed data breaches involved weak, default or stolen passwords. | Verizon Data Breach Investigations Report (DBIR) 2016 | |
| The top 3 industries affected by security incidents are public, information and financial services. | Verizon Data Breach Investigations Report 2015 | |
| 50% of recipients open e-mails and click on phishing links within the first hour of being sent. | Verizon Data Breach Investigations Report 2015 | |
| Almost half of all phishing attacks registered in 2016 were aimed at stealing victim’s money. | Kaspersky Lab Report 2016 | |
| Phishing emails include fake notifications from banks, e-payment systems, email providers, social networks, online games, etc. | Kaspersky Lab Report 2016 | |
| Email phishing rate is 1 in 1,846. | Symantec Internet Security Threat Report 2016 | |
| 34.9% of all spear-phishing e-mail was directed at an organization in the financial industry. | Symantec Internet Security Threat Report 2016 | |
| The number of spear-phishing campaigns targeting employees increased by 55%. | Symantec Internet Security Threat Report 2016 | |
| The APWG announced that the number of observed phishing attacks in Q1 2016 was higher than any total since 2004. | Anti-Phishing Working Group (APWG) |