Technology: Africa remains phishing prone, but ongoing training slashes risk

by Anthony Weaver

JOHANNESBURG, South Africa, August 16, 2023 – More than one in three
corporate employees in Africa are vulnerable to phishing attacks and
social engineering scams. However, regular training can significantly
reduce their chances of falling victim to such cyber threats.

This is among the key findings of KnowBe4’s 2023 Phishing by Industry
Benchmarking Report for Africa (https://apo-opa.info/3KJj9nc), which
measures organisations’ Phish-prone Percentage (PPP) – an indication
of how many of their employees are likely to fall for phishing or a
social engineering scam.

The report is based on data from over 12.5 million users across 35,681
organisations in 19 different industries. The results of over 32.1
million simulated phishing security tests are also included. This
year’s report details international phishing benchmarks from North
America, The United Kingdom and Ireland, Europe, Africa, South America,
Asia, Australia and New Zealand.

In Africa, 412 organisations from South Africa, Kenya, Nigeria and
Botswana participated in the phishing simulation tests, with a total of
337,937 emails sent. The majority of these organisations (58%) were
small (1-249 employees), followed by medium (26%, 250-999 employees) and
large (16%, 1000+ employees) ones.

The resulting baseline PPP measured the percentage of employees in
organisations that had not conducted any KnowBe4 security training and
clicked a simulated phishing email link or opened an infected attachment
during testing.

African business users had a lower baseline PPP than many other regions,
meaning they were less likely to fall for phishing attacks before any
training. However, their improvement after 90 days of training was also
lower than other regions. After a year of ongoing training, African
users achieved a 79.8% improvement in their PPP, showing the
effectiveness of consistent security awareness education.

Africa’s human firewall

“The report underscores the fact that while technology plays an
important role in preventing and recovering from an attack,
organisations cannot afford to ignore the human factor,” says Anna
Collard, Senior Vice President of Content Strategy & Evangelist for
KnowBe4 Africa. “The root cause of most data breaches can be traced to
the human factor.”

The report shows that without security training, 33.2% of employees
across all regions and industries are likely to fall for phishing
attacks or fraudulent requests. Africa’s average was 32.8%, slightly
better than the global average and much better than South America, where
the average was 41.1%. Asia had the lowest rate of phishing – 30%.

Collard notes: “Africa’s baseline phishing security test results
show that one out of three employees are likely to click on a
suspicious link or email or comply with a fraudulent request before
receiving training. This is very concerning considering that Africa has
seen the fastest growth in cyber crimes in recent years, especially
among small and medium-sized organisations.”

Training slashes risk

90 days after training, Africa’s PPP average was 20.5% compared to the
global average of 18.5%. After a year of consistent training, Africa’s
PPP was 6.6%, compared to a global average of 5.4%, indicating that new
habits become normal, fostering an improved security culture.

At baseline, Africa’s medium-sized enterprises had the lowest PPP –
at 29.4%, followed by small enterprises at 30% and large enterprises
with a surprisingly high 33.3%. After training, large enterprises
performed best, with a PPP average of 19% 90 days after training and
5.7% after a year. Medium-sized enterprises improved to 22.7% 90 days
after training, and 10.5% after a year. Small enterprises’ PPP
improved to 25.2% after 90 days and 9% after a year.

The report also revealed which industries are most vulnerable to cyber
threats and have the highest PPP, indicating more vulnerability and a
greater need for security awareness training. Across small and medium
organisations globally, the healthcare and pharmaceuticals industries
had the highest PPP of 32.3% and 35.8%, respectively. In large
organisations, the insurance industry remained the most at risk for a
second consecutive year with a PPP of 53.2% globally. With consistent
training for a year or more, the global average PPP improvement across
sectors was 82%.

“These findings highlight the importance of ongoing, consistent
cybersecurity awareness training and testing to achieve significant risk
reduction,” says Collard. “Simply warning users or having a once-off
training session is not enough. Cybersecurity needs to be ingrained into
company culture.”

To download a copy of the 2023 KnowBe4 Phishing by Industry Benchmarking
Report, visit https://apo-opa.info/3KH885z.

Distributed by APO Group on behalf of KnowBe4.

About KnowBe4:
KnowBe4, the provider of the world’s largest security awareness
training and simulated phishing platform, is used by more than 60,000
organisations around the globe. Founded by IT and data security
specialist Stu Sjouwerman, KnowBe4 helps organisations address the human
element of security by raising awareness about ransomware, CEO fraud and
other social engineering tactics through a new-school approach to
awareness training on security. Kevin Mitnick, an internationally
recognized cybersecurity specialist and KnowBe4’s Chief Hacking
Officer, helped design the KnowBe4 training based on his well-documented
social engineering tactics. Tens of thousands of organisations rely on
KnowBe4 to mobilise their end users as their last line of defence.
