Common and desctructive.

Information security is paramount for all businesses, and phishing poses a serious threat. Below are some interesting phishing facts to support the need to address the phishing threat vector. Please share these critical information security facts with others.


of all security breaches involve the human element.


of ransomware attacks are delivered via email.


increase in phishing attacks sent per second in the last year.




82% of breaches involved the human element
35% of ransomware attacks are delivered via email
Phishing remains one of the four main entry points to an organization, accounting for more than 60% of all social engineering attacks
14% of business email compromises in the United States recovered none of their financial losses
95% of Business Email Compromise losses were between $250 and $984,855
85% of breaches involved the human element
35% of breaches in North America involved social engineering
70% of breaches in Asia Pacific involved social engineering
Social Engineering was responsible for over 69% of breaches within the Public Administration sector
Almost 100% of social attacks in the Public Administration sector involved phishing
Social Engineering accounts for 86% of the breaches within the Mining, Quarrying, Oil & Gas Extraction, and Utilities industries
Within the manufacturing industry, over 75% of social engineering attacks involved phishing
67% of breaches can be attributed to human risk: credential threat, errors, and social attacks
46% of organizations received malware via email
96% of social attacks arrive via email
86% of breaches were financially motivated
28% of breaches involved small businesses
27% of malware incidents involved ransomware
22% of breaches involve social attacks
Business E-mail Compromise (BEC) schemes resulted in an annual loss of approximately $1.8 billion for U.S. consumers and businesses
Phishing scams resulted in an annual loss of over $54 million for U.S. consumers and businesses
33% of breaches included social attacks
65% of attacker groups used spear phishing as the primary infection vector
29% of breaches involved use of stolen credentials
48% of malicious email attachments are Office files
94% of malware was delivered via email
64% of organizations have experienced a phishing attack in the past year
22% of organizations see phishing as their greatest security threat
77% of IT professionals feel their security teams are unprepared for today’s cybersecurity challenges
34% of organizations see careless or unaware employees as a vulnerability
59% of phishing attacks in the Americas relate to finance
70% of breaches associated with a nation-state or state-affiliated actors involved phishing
71.4% of targeted attacks involved the use of spear-phishing emails
66% of malware is installed via malicious email attachments
49% of non-point-of-sale malware was installed via malicious email
43% of all breaches included social tactics
93% of social attacks were phishing related
64% of organizations have experienced a phishing attack in the past year
28% of phishing attacks are targeted
21% of ransomware involved social actions, such as phishing
Finance faced 59% of phishing attacks in the Americas
74% of cyber-espionage actions within the public sector involved phishing
82% of manufacturers have experienced a phishing attack in the past year
17% of breaches were social attacks
90% of incidences and breaches included a phishing element
In 2016, 89% of all attacks involved financial or espionage motivations.
30% of phishing messages were opened in 2016 – up from 23% in 2015.
95% of breaches and 86% of security incidents fall into nine patterns.
70% of cyber attacks use a combination of phishing and hacking.
63% of confirmed data breaches involved weak, default, or stolen passwords.
The top 3 industries affected by security incidents are public, information, and financial services.
50% of recipients open emails and click on phishing links within the first hour of them being sent.
Almost half of all phishing attacks registered in 2016 were aimed at stealing a target's money.
Phishing emails include fake notifications from banks, e-payment systems, email providers, social networks, online games, etc.
34.9% of all spear-phishing email was directed at an organization in the financial industry.
The number of spear-phishing campaigns targeting employees increased by 55%.
The APWG announced the number of observed phishing attacks in Q1 2016 was higher than any total since 2004.