Phishing awareness is growing

The latest State of the Phish Report from Wombat Security gives an overview of the current state of phishing attacks and how companies are implementing measures to reduce risk.

According to the report, phishing attacks had a huge impact on the organisations surveyed, including:

  • 38% reported disruption to employee activities
  • 27% reported malware infection
  • 17% reported that accounts were compromised
  • 7% reported loss of data
Phishing is often used in ransomware attacks, as the 34% of infosec professionals who experienced a ransomware attack likely discovered. On the positive side, the report states that only 2% of those hit by ransomware paid the ransom. While other reports have shown much higher rates of payment, this is a positive sign that companies are taking precautions to reduce the risk of ransomware, such as backing up files and data.

Phishing is slowing…

Although 76% of information security professionals reported being the victim of a phishing attack and 61% reported being targeted by spear phishing last year, both figures were down 10% compared to 2015, meaning either that there were fewer phishing attacks or that people were more vigilant.

…and awareness is growing

Phishing attacks target end users, so companies have started measuring the risk their employees pose to the entire organisation. Compared to 2015, there was a 64% increase in the number of organisations assessing that risk. In response to that risk, they used a variety of activities to minimise it, including:

  • 65% used phishing simulation exercises
  • 62% used computer-based awareness training
  • 49% used in-person security awareness training
  • 42% used monthly notifications or newsletters

Roll out a security staff awareness programme

A staff awareness programme is part of a cohesive approach to reducing the risk of cyber attacks by aligning your staff with your security policies and technology. You can opt for computer-based phishing awareness training, in-person security awareness training or a phishing simulation exercise. All of these activities should be performed regularly to keep your staff on top of the latest security practices.

Discover IT Governance’s staff awareness resources >>