2017-2018 Phishing Statistics Every Manager Must- Know

2017 was a significant year in terms of cyber-attacks.
Global cyber-attacks brought losses resulting in hundreds of millions of dollars and the shutdown of hospitals and other critical infrastructure. Though it may seem obvious to anyone in the security industry that 2017 was no ordinary year, we keep getting requests from customers and prospects for facts and figures they can deliver to their boards.
So, with the notion that we might need to spread the word beyond our lovely community, we have gathered some statistics on Phishing attacks and their impact in 2017.

It should be noted that though we tried to use 2017 data, most of the research into 2017 will probably be released by mid-2018, so we opted to include both data regarding the previous year and research published during 2017 (which in part relates to data generated during 2016).

Because we know blog posts are not the best vehicle for driving management changes, we also created a short presentation that you can download and use, which highlights the below figures.

1. 90 percent of data breaches are the result of phishing

2. 15% of users who were successfully phished will be phished at least one more time within the same year.

3. 76% of organizations reported being the victim of a phishing attack in 2016

4. 1 in 131 emails contained malware in 2016, the highest rate in 5 years

5. Attackers have shifted from using malware to using various forms of email-borne impersonations

6. Attacks are shifting beyond the CEO-CFO relationship, targeting other employee groups deeper within the organization

Research has also shown that although most cyber security spending is concentrated on detection and mitigation tools, the most cost-effective spend is in prevention. Every dollar spent effectively in employee readiness and prevention saves hundreds of dollars in detection, mitigation, and recovery. From what we see, 2018 is going to be a year of increasing awareness and prevention.

In cyber security, just like in sport – “Practice makes perfect,” and there are ways to make your employees a winning team in that domain. We @ CybeReady know how to change employees’ behavior and get them onboard with your cyber security efforts.


Have a safe new year!