Phishing Facts

Information security statistics every business should know.

Information security is paramount for all businesses, and phishing poses a serious threat. Below are some interesting phishing facts to support the need to address the phishing threat vector.  To make it easier to spread the word, we added a Tweet button for each phishing fact. Please share these information security facts with others.

Interesting Phishing Facts

Phishing Fact Source

Share

70% of breaches associated with a nation-state or state-affiliated actors involved phishingVerizon Data Breach Investigations Report (DBIR) 2018
71.4% of targeted attacks involved the use of spear-phishing emailsSymantec Internet Security Threat Report 2018
66% of malware is installed via malicious email attachmentsVerizon Data Breach Investigations Report (DBIR) 2017
49% of non-point-of-sale malware was installed via malicious emailVerizon Data Breach Investigations Report (DBIR) 2018
43% of all breaches included social tacticsVerizon Data Breach Investigations Report (DBIR) 2017
93% of social attacks were phishing relatedVerizon Data Breach Investigations Report (DBIR) 2017
64% of organizations have experienced a phishing attack in the past yearCheck Point Research Security Report - 2018
28% of phishing attacks are targetedVerizon Data Breach Investigations Report (DBIR) 2017
21% of ransomware involved social actions, such as phishingVerizon Data Breach Investigations Report (DBIR) 2017
Finance faced 59% of phishing attacks in the Americas.NTT Security - Global Threat Intelligence Report - 2018
74% of cyber-espionage actions within the public sector involved phishingVerizon Data Breach Investigations Report (DBIR) 2018
82% of manufacturers have experienced a phishing attack in the past yearCheck Point Research Security Report - 2018
17% of breaches were social attacksVerizon Data Breach Investigations Report (DBIR) 2018
90% of incidences and breaches included a phishing elementVerizon Data Breach Investigations Report (DBIR) 2017
In 2016, 89% of all attacks involve financial or espionage motivations.Verizon Data Breach Investigations Report  (DBIR) 2016
30% of phishing messages were opened in 2016 – up from 23% in the 2015 report.Verizon Data Breach Investigations Report  (DBIR) 2016
95% of breaches and 86% of security incidents fall into nine patterns.Verizon Data Breach Investigations Report  (DBIR) 2016
70% of cyber attacks use a combination of phishing and hacking.Verizon Data Breach Investigations Report  (DBIR) 2016
63% of confirmed data breaches involved weak, default or stolen passwords.Verizon Data Breach Investigations Report  (DBIR) 2016
The top 3 industries affected by security incidents are public, information and financial services.Verizon Data Breach Investigations Report 2015
50% of recipients open e-mails and click on phishing links within the first hour of being sent.Verizon Data Breach Investigations Report 2015
Almost half of all phishing attacks registered in 2016 were aimed at stealing victim’s money.Kaspersky Lab 2016 Report
Phishing emails include fake notifications from banks, e-payment systems, email providers, social networks, online games, etc.Kaspersky Lab 2016 Report
Email phishing rate is 1 in 1,846.Symantec Internet Security Threat Report
34.9% of all spear-phishing e-mail was directed at an organization in the financial industry.Symantec Internet Security Threat Report
The number of spear-phishing campaigns targeting employees increased by 55%.Symantec Internet Security Threat Report
The APWG announced that the number of observed phishing attacks in Q1 2016 was higher than any total since 2004.Anti-Phishing Working Group (APWG)