author photo
By Bruce Sussman
Thu | Jan 30, 2020 | 3:30 PM PST

The results of the sixth annual State of the Phish report are in. 

Utilizing the data from the report can help you increase the security posture of your organization, improve your cyber risk management program, and help you get executive or board buy-in.

Let's start by hitting a few of the key points just revealed in the State of the Phish Report 2020 web conference, which is available on-demand.

Proofpoint State of the Phish Report 2020

Proofpoint customers and end-users reported more than 9 million suspicious emails in 2019, which is a major increase over prior year. And 55% of organizations experienced at least one successful phishing attack in 2019. 

Those are just a couple of phishing details uncovered by the research.

However, the sixth annual Proofpoint report goes well beyond phishing. It also shows ongoing challenges for security teams who are pushing security awareness forward.

Here are the percentages of employees who could properly define the following cyber threats:

state-of-phish-2020-employee-knowledge-stats

"Maybe you think having 61% of employees properly defining the term phishing is pretty good," says Gretel Egan, Security Awareness and Training Strategist at Proofpoint.

"However, what if you have 10,000 employees? That means you can expect 3,900 of them to not fully understand phishing. There remains a significant language barrier around these security risks."

And it's not just what your employees know. The State of the Phish report shows it is also what employees do on your corporate devices.

They are using these devices for personal tasks, and so are their friends and family:

state-of-phish-2020-employee-on-work-devices

State of the Phish report: risky behaviors impact organizations

The report also uncovered the percentage of working adults who engage in other risky behaviors which can impact organizational security:

state-of-phish-2020-risky-employee-behavior

Proofpoint State of the Phish 2020, big data to reduce risk

This year's report is based on nearly 50 million simulated phishing emails, 9 million suspicious emails reported by end-users, and surveys of 3,500 technology users and 600 IT security professionals.

And its a gold mine for what you are trying to accomplish, which is reduce risk.

Proofpoint cybersecurity advisor Alan Levine is the former CISO for two Fortune 500 companies. During the web conference, he showed a three-pronged approach to reducing cyber risk through a comprehensive security awareness program.

state-of-phish-2020-risk-management-program

"At the end of the day, risk management is all about visibility. And visibility is the opposite of flying blind," says Levine. 

"Data, like that within the State of the Phish report, feeds data risk management. And it will help you align with your business mission and decide on effective use of cyber resources."

Levine also shared another way to view this:

state-of-phish-2020-why-data-matters

"As a CISO, I would take ideas to management and explain my idea for how we should proceed. They would ask, 'Why?' They wanted data."

Now, you will have it.

For more on this year's big data findings from Proofpoint research and how to use it within your organization, watch State of the Phish Report 2020, available on-demand. 

It also includes a link to a PDF download of this year's full report.

Comments