Information security is paramount for all businesses, and phishing poses a serious threat. Below are some interesting phishing facts to support the need to address the phishing threat vector. To make it easier to spread the word, we added a Tweet button for each phishing fact. Please share these information security facts with others.
Interesting Phishing Facts | Phishing Fact Source | Share |
Phishing is involved in 36% of breaches | Verizon Data Breach Report (DBIR) 2021 | |
The median loss of a Business Email Compromise was $30,000 | Verizon Data Breach Report (DBIR) 2021 | |
95% of Business Email Compromise losses were between $250 and $984,855 | Verizon Data Breach Report (DBIR) 2021 | |
85 percent of breaches involved the human element | Verizon Data Breach Report (DBIR) 2021 | |
35% of breaches in North America involved social engineering | Verizon Data Breach Report (DBIR) 2021 | |
70% of breaches in Asia Pacific involved social engineering | Verizon Data Breach Report (DBIR) 2021 | |
Social Engineering pattern was responsible for over 69% of breaches within Public Administration sector | Verizon Data Breach Report (DBIR) 2021 | |
Almost 100 percent of social attacks in the Public Administration sector involved phishing | Verizon Data Breach Report (DBIR) 2021 | |
Social Engineering accounts for 86% of the breaches within Mining, Quarrying, and Oil & Gas Extraction, and Utilities industry | Verizon Data Breach Report (DBIR) 2021 | |
Within the manufacturing industry, over 75 percent of social engineering attacks involved phishing | Verizon Data Breach Report (DBIR) 2021 | |
67% of breaches can be attributed to human risk: credential threat, errors, and social attacks | Verizon Data Breach Report (DBIR) 2020 | |
46% of organizations received malware via email | Verizon Data Breach Report (DBIR) 2020 | |
96% or social attacks arrive via email | Verizon Data Breach Report (DBIR) 2020 | |
86% of breaches were financially motivated | Verizon Data Breach Report (DBIR) 2020 | |
28% of breaches involved small businesses | Verizon Data Breach Report (DBIR) 2020 | |
27% of malware incidents involved Ransomware | Verizon Data Breach Report (DBIR) 2020 | |
22% of breaches involve social attacks | Verizon Data Breach Report (DBIR) 2020 | |
Business E-mail Compromise (BEC) schemes resulted in an annual loss of approximately $1.8 billion for U.S. consumers and businesses | 2020 FBI IC3 Report | |
Phishing scams resulted in an annual loss of over $54 million for U.S. consumers and businesses | 2020 FBI IC3 Report | |
33% of breaches included social attacks | Verizon Data Breach Investigations Report (DBIR) 2019 | |
65% of attacker groups used spear phishing as the primary infection vector | Symantec Internet Security Threat Report (ISTR) 2019 | |
29% of breaches involved use of stolen credentials | Verizon Data Breach Investigations Report (DBIR) 2019 | |
48% of malicious email attachments are Office files | Symantec Internet Security Threat Report (ISTR) 2019 | |
94% of malware was delivered via email | Verizon Data Breach Investigations Report (DBIR) 2019 | |
32% of breaches involve phishing | Verizon Data Breach Investigations Report (DBIR) 2019 | |
64% of organizations have experienced a phishing attack in the past year | Check Point Research Security Report 2018 | |
22% of organizations see phishing as their greatest security threat | EY Global Information Security Survey 2018 | |
77% of IT professionals feel their security teams are unprepared for today’s cybersecurity challenges | Check Point Research Security Report 2018 | |
34% of organizations see careless or unaware employees as a vulnerability | EY Global Information Security Survey 2018 | |
59% of phishing attacks in the Americas relate to finance | NTT Security Global Threat Intelligence Report 2018 | |
85% of organizations say their security reporting does not meet their expectations | EY Global Information Security Survey 2018 | |
59% of companies consider ransomware to be their biggest threat | Check Point Research Security Report 2018 | |
70% of breaches associated with a nation-state or state-affiliated actors involved phishing | Verizon Data Breach Investigations Report (DBIR) 2018 | |
71.4% of targeted attacks involved the use of spear-phishing emails | Symantec Internet Security Threat Report 2018 | |
66% of malware is installed via malicious email attachments | Verizon Data Breach Investigations Report (DBIR) 2017 | |
49% of non-point-of-sale malware was installed via malicious email | Verizon Data Breach Investigations Report (DBIR) 2018 | |
43% of all breaches included social tactics | Verizon Data Breach Investigations Report (DBIR) 2017 | |
93% of social attacks were phishing related | Verizon Data Breach Investigations Report (DBIR) 2017 | |
64% of organizations have experienced a phishing attack in the past year | Check Point Research Security Report - 2018 | |
28% of phishing attacks are targeted | Verizon Data Breach Investigations Report (DBIR) 2017 | |
21% of ransomware involved social actions, such as phishing | Verizon Data Breach Investigations Report (DBIR) 2017 | |
Finance faced 59% of phishing attacks in the Americas. | NTT Security - Global Threat Intelligence Report 2018 | |
74% of cyber-espionage actions within the public sector involved phishing | Verizon Data Breach Investigations Report (DBIR) 2018 | |
82% of manufacturers have experienced a phishing attack in the past year | Check Point Research Security Report 2018 | |
17% of breaches were social attacks | Verizon Data Breach Investigations Report (DBIR) 2018 | |
90% of incidences and breaches included a phishing element | Verizon Data Breach Investigations Report (DBIR) 2017 | |
In 2016, 89% of all attacks involve financial or espionage motivations. | Verizon Data Breach Investigations Report (DBIR) 2016 | |
30% of phishing messages were opened in 2016 – up from 23% in the 2015 report. | Verizon Data Breach Investigations Report (DBIR) 2016 | |
95% of breaches and 86% of security incidents fall into nine patterns. | Verizon Data Breach Investigations Report (DBIR) 2016 | |
70% of cyber attacks use a combination of phishing and hacking. | Verizon Data Breach Investigations Report (DBIR) 2016 | |
63% of confirmed data breaches involved weak, default or stolen passwords. | Verizon Data Breach Investigations Report (DBIR) 2016 | |
The top 3 industries affected by security incidents are public, information and financial services. | Verizon Data Breach Investigations Report 2015 | |
50% of recipients open e-mails and click on phishing links within the first hour of being sent. | Verizon Data Breach Investigations Report 2015 | |
Almost half of all phishing attacks registered in 2016 were aimed at stealing victim’s money. | Kaspersky Lab Report 2016 | |
Phishing emails include fake notifications from banks, e-payment systems, email providers, social networks, online games, etc. | Kaspersky Lab Report 2016 | |
Email phishing rate is 1 in 1,846. | Symantec Internet Security Threat Report 2016 | |
34.9% of all spear-phishing e-mail was directed at an organization in the financial industry. | Symantec Internet Security Threat Report 2016 | |
The number of spear-phishing campaigns targeting employees increased by 55%. | Symantec Internet Security Threat Report 2016 | |
The APWG announced that the number of observed phishing attacks in Q1 2016 was higher than any total since 2004. | Anti-Phishing Working Group (APWG) |