KnowBe4 Report Shows Asia Takes the Lead in Phishing Awareness
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today released its 2024 Phishing Benchmarking Report for Asia. This report measures an organisation’s Phish-prone™ Percentage (PPP), which indicates how many of their employees are likely to fall for phishing or social engineering scams.
This year’s report shows that without security training, across all industries, almost one in three (28.4%) employees in Asia are likely to click on a suspicious link or comply with a fraudulent request. This figure places the region significantly below the global average of 34.3% and demonstrates that employees in Asia are more vigilant in identifying malicious links and other forms of phishing. This is also a drop from last year’s PPP of 30%, indicating that a heightened focus on cybersecurity has made a substantial improvement in cyber posture.
KnowBe4 analysed over 54 million simulated phishing tests across more than 11.9 million users from 55,675 organisations in 211 countries across North America, South America, Europe, Africa, and Australia/New Zealand. The resulting baseline PPP measures the percentage of employees in organisations that had not conducted any KnowBe4 security training, who clicked a simulated phishing email link or opened an infected attachment during testing.
The findings in the report clearly demonstrate the effectiveness of combining simulated phishing security tests with security awareness training. Organisations in Asia that engaged in consistent training and testing experienced a substantial decrease in their average PPP, from 28.4% to 17% within the first 90 days, and a further reduction to 5.5% after a year of continuous training and testing.
In general, employees in Asia fare better than the worldwide average of 18.9% after 90 days, while their PPP is slightly higher than the worldwide average after one year of consistent training and testing (5.5% compared to 4.6%), suggesting that employees in these regions are well-informed and more familiar with the tactics of cybercriminals. Despite being a front-runner when compared to the rest of the globe, organisations in Asia must continue to focus on mitigating the human risk that exists when safeguarding against cyber threats.
The considerable overall improvement in PPP over three and 12 months is evidence that transforming cybersecurity culture requires breaking existing habits to make way for more secure ones. As employees adopt new behaviours and these become habitual, they evolve into standard practices that shape organisational culture, creating a workforce that instinctively prioritises security.
Some interesting facts highlighted and discussed in the report include:
- Cyber-attacks targeting sensitive data in both public and private sectors have increased in frequency, complexity, and severity in the APAC region.
- Cyber risk is the primary concern for businesses in APAC, with malware, ransomware, and social engineering attacks being the most common attack strategies.
- High-profile breaches and government regulations are raising the region’s cybersecurity awareness. While employees are increasingly recognising their responsibility, this varies widely based on organisational culture and training intensity.
- Linguistic and cultural diversity adds to the challenge of creating a unified security culture, highlighting the need for tailored cybersecurity education and awareness.
- Organisations in the region are concerned with AI as an emerging threat vector. The rapid adoption of AI in certain industries presents additional risks if not implemented with strong cybersecurity measures.
“With the Asia-Pacific region experiencing a significant surge in cyberattacks compared to its global counterparts, this report reinforces the crucial role the human element plays in cybersecurity. Although technology is important for preventing and recovering from cyberattacks, human error is still a big contributing factor to data breaches. Although it’s encouraging to see Asia’s phishing results showed an improvement from last year, AI-driven threats will increase, so it’s imperative that organisations continue to strengthen the human firewall with regular and focused security awareness training,” said Dr Martin Kraemer, Security Awareness Advocate at KnowBe4.
This year’s report also examines phishing benchmarks from North America, South America, the UK and Ireland, Europe, Africa, Australia, and New Zealand.
To download a copy of the 2024 KnowBe4 Phishing by Industry Benchmarking Report, click here.