According to reports, approximately 30% of all phishing messages are opened by targeted users. Here’s what you need to know about this sort of cyberattack, as well as the most important phishing statistics for 2020.
If you’ve ever wondered things like “what proportion of cyber attacks are phishing attacks?” you’re in luck. Readers and customers often ask us questions like this. So we reasoned: why not just write an article about it and include a bunch of other phishing figures? For that burning itch, we’ll be your analgesic cream.
But before we get into the numbers, let’s take a moment to review what phishing is. Then we’ll give you those amusing (and possibly alarming) phishing statistics.
What is Phishing and What Are the Most Common Types of Phishing?
Phishing is a form of cyberattack in which a cybercriminal manipulates a victim’s actions through social engineering. The aim may be to convince them to provide their login credentials via a malicious website form, or to submit money via wire transfer (as is the case in CEO fraud schemes).
In reality, phishing attacks come in many different forms — although they all intend to achieve virtually the same goal (just through different means). Some examples of different types of phishing attacks include (but are not limited to):
- business email compromise (BEC),
- spear phishing,
- HTTPS phishing, and
So, now that we have that out of the way, let’s explore the most up to date phishing statistics.
15 Phishing Statistics: How Phishing Retains Its Title as the Top Attack Vector
1. Phishing is the No. 1 Cause of Data Breaches
Shocking? Not at all. Whatever your feelings are about our first phishing figure, the fact remains that phishing is the leading cause of data breaches, according to Verizon’s 2019 Data Breach Investigations Report (DBIR). We’re interested to see where phishing ranks in their 2020 DBIR, but we’ll have to wait a few months (until their next report is released) to find out.
2. 33% of Consumers Will Abandon a Business After a Security Breach
This figure is even more important when you remember that phishing is the leading cause of data breaches. According to Avanan, a cyber protection website, one out of every three customers ceases doing business with a company after a data breach is disclosed.
3. BEC/EAC Is a $26+ Billion Scam Affecting Victims Globally
According to the FBI’s Internet Crime Complaint Center (IC3), there were 166,349 business email compromise/email account compromise (BEC/EAC) incidents reported to the IC3 between June 2016 and July 2019. Victims in the United States and 177 other countries recorded damages totaling $26,201,775,589 in domestic and foreign currency.
4. Fraudulent Transfers Are Sent to More Than 140 Countries
During that time, the IC3 estimates that BEC/EAC fraudulent transfers were sent to at least 140 countries. China and Hong Kong are the most popular destinations for fraudulent fund transfers. However, the FBI has also noticed a rise in these forms of transfers to beneficiaries in the United States, Mexico, and Turkey.
5. 68% of All Phishing Websites Use HTTPS Protocol
According to the Anti-Phishing Working Group’s (APWG) 3rd Quarter 2019 Phishing Activity Trends Report, SSL security was used by more than two-thirds of all phishing websites surveyed. This was an increase from the previous quarter’s figure of 54 percent. “This was the highest percentage since monitoring started in early 2015, which is a strong indication that users can’t rely on SSL alone to understand whether a site is secure or not,” according to the report, which used data from PhishLabs.
6. SaaS and Webmail Users (33%) Continue to Be Biggest Phishing Targets
Without data from the APWG, a list of phishing statistics would be incomplete. According to their Q3 2019 Phishing Activity Trends Report results, software-as-a-service (SaaS) and webmail sites were the most targeted by phishing campaigns and attacks that quarter, accounting for 33 percent of the most-targeted industry sectors. This is in contrast to attacks on other industries, such as healthcare, government, electricity, and gaming, which were minor at the time.
7. Malicious or Criminal Attacks Caused More Than Half of Data Breaches in the Last Year
According to IBM’s 2019 Cost of a Data Breach survey, among the 507 organisations that announced a data breach, “fifty-one percent of events involved a malicious or illegal attack,” a category that includes “malware infections, criminal insiders, phishing/social engineering, and SQL injection.” Device flaws (25 percent) and human error (24 percent) were the other two types of causes.
8. 78% of Known Cyber-Espionage Incidents Involved Phishing
According to Verizon’s 2019 DBIR, phishing plays a significant role in cyber espionage. During the study period, phishing was involved in more than three-quarters of known cyber-espionage events, and 87 percent of the incidents involved “the installation and use of backdoors and/or C2 malware.”
9. 90+% of Successful Data Breaches and Hacks Are Done Through Phishing
According to KnowBe4, phishing attacks are responsible for more than 90% of successful data breaches and hacks.
10. Nearly One-Third of Phishing Emails Get Past Default Security Mechanisms
Whatever a company’s marketing department says, there’s no way to keep every spam or malicious email from reaching your inbox. According to Avanan, 30 percent of phishing email messages get past default protection measures.
11. Users Reported 9.2 Million Suspicious Emails in 2019
According to ProofPoint’s 2020 State of the Phish survey, the number of users reporting suspicious emails using their PhishAlarm® email reporting tool increased by 67 percent over the previous year. It took an hour on average from the time an email was sent to the time it was reported.
12. 65% of U.S. Organizations Measure Phishing Costs in Terms of Downtime
According to ProofPoint’s 2020 State of the Phish survey, the most common unit of measure for phishing costs for U.S. companies is end-user downtime hours. This figure is higher than the global average of 52 percent.
13. Phishing Resulted in Data Loss for 59% of Surveyed Japanese Organizations
For Japanese businesses, phishing attacks are a big concern. According to ProofPoint’s 2020 State of the Phish survey, “59 percent of Japanese organisations experienced data loss as a result of a phishing attack,” with “45 percent suffering financial loss.”
14. Nearly 83% of Spam Emails Are Less Than 2KB in Size
Spam emails do not have to be large in order to have a significant effect. According to Kaspersky’s SecureList.com website, 82.93 percent of spam emails reported in Q3 2019 were 0-2KB in size. This reflects a small (4.33 percentage point) decrease from the previous quarter.
15. China Accounted for More Than 20% of All Spam Emails in Q3 2019
According to data from Kaspersky’s SecureList website, China ranked first among the sources of spam email. According to the group, China accounted for 20.42 percent of spam messages, followed by the United States at 13.37 percent and Russia at 5.6 percent.
Final Thoughts on Phishing Statistics
Although there are many more phishing statistics available, we figured these would be the most useful and help to paint the clearest picture of phishing from a business standpoint. Phishing has an effect on everyone, from the victims of phishing campaigns to the companies and individuals that attackers want to impersonate.