author photo
By Robert Shields, CISSP
Fri | Feb 19, 2021 | 9:34 AM PST

Proofpoint has just released our 7th annual "State of the Phish" report. This year's findings provide insight on how organizations, end-users, and the bad guys have adapted to an unprecedented shift in information technology. This survey leverages data from thousands of respondents around the world to provide a global mosaic of phishing threats and how organizations are responding.

Actionable research for security executives and practitioners

Email remains the number one cybersecurity risk for organizations. While attacks against applications, networks, and data stores continue, attackers know the weakest link in an organization's security is their people. With this, phishing attacks continue to grow in volume and in sophistication. And sadly, they have leveraged multiple attributes of the COVID-19 pandemic to deceive users.

The report includes the results of thousands of highly-targeted phishing surveys and data derived from over 60 million phishing simulations and 15 million reported phishes. With this extensive sample of data, the report is a must read for CISOs, security teams, HR professionals, and privacy and compliance teams. It provides statistics and insight on:

  • The evolution of phishing techniques that have occurred over the past 12 months; the deceptions that were most prevalent and most effective.
  • Who in organizations are being attacked. There is little randomness in phishing attacks; targets are carefully and patiently selected.
  • How end-users are fairing in the current environment; what knowledge are they missing, what behaviors are most likely to endanger an organization.
  • What is happening with security awareness training; how has the technology responded to new challenges and best practices that organizations use to improve the impact and retention of safe computing practices.

Help to communicate these important finding to your organization

The State of the Phish was released on February 8, 2021. The report is available for download from In the report you will find:

  • Recap of the phishing challenges that organizations faced in 2020. Statistics are provided on the type of attacks and how successful attacks impacted targeted organizations and how users responded to these attacks. Additionally, international trends are reviewed as each region has unique challenges.
  • Benchmarking on industry and department data provide insight on what industries are attacked and where in the organizations attacks focus.
  • Details on key measurements focused on user reporting of phish and their resilience to attacks.
  • Who is being attacked. This is key for all security professionals to understand and respond with appropriate controls and measures.
  • And wrapping up the report, a detailed review of the state of security awareness training. Findings on the frequency, methodology, and topics of training are reviewed with highlights on regional differences.

In addition to this report, Proofpoint sponsored a recent SecureWorld webcast with security industry SMEs to review the findings and explore how organizations should adjust their plans and tactics in 2021. You can watch the on-demand webcast by registering here.