A recent report by Hoxhunt has revealed the countries whose organisations show the best and safest performance against phishing attacks.
Hoxhunt’s study, titled Behavioural Cybersecurity Statistics 2022, is based on analysis of interactions spanning 1.6 million people across 24.7 million simulations in over 100 countries. There is a lot of data to draw from and a lot of conclusions to be made.
In today’s blog we will break down the key findings from the report and what it tells us about differences in phishing awareness across global regions.
The study analyses responses to phishing in great detail. Users from these countries were subjected to simulated phishing attacks as part of their security awareness training. The reactions to these simulated attacks were observed and classified according to the following three indicators:
The study then applies a percentage value to the three different indicators.
Below are the nations with the best and safest behaviours in response to phishing attempts. Recurring nations include Hungary, Austria, Switzerland, and Denmark.
In contrast, below you will find the worst performing countries when it comes to ransomware attacks. Recurring nations include China, Saudi Arabia, Peru, and Myanmar.
In an ideal world, organisations should have high success rates and low failure and miss rates to indicate employees are armed with important knowledge and high cybersecurity awareness. A high success rate and low failure rate reflect a workforce’s ability to spot fake messages in a phishing attack and respond correctly.
While developed countries like the US and UK continue to be the prime target for cyberattacks, other territories are seeing a spike in attacks too. Phishing is a global phenomenon, so organisations the world over must be proactive in tracking the phishing trends in their regions.
Based on the results, European nations appear to have performed the best among the participating countries, displaying high success rates and low failure rates. Cybersecurity Awareness, as an industry, has been around longer in Europe and this could be the reason for increased security maturity in the region. Furthermore, the positive performance of many European countries in attack simulations can also be explained by EU regulations. Members of the European Union (EU) have heightened sensitivities towards cybersecurity and privacy, which are engrained in EU Law.
Interestingly, the United States was in the middle of the pack with a success rate of 55.6%, a failure rate of 5.5% and a miss rate of 38.9%. The UK (success 60.8%, failure 5.1% and miss 34.1%) also performed well. One could attribute both nations’ good scores to official rules and regulations.
For example, the General Data Protection Regulation (GDPR), which was put into effect in 2018, prompted European companies and organisations to invest in cybersecurity measures as part of their compliance with data privacy policies. In the UK alone, the cybersecurity sector has grown by 46 percent since 2017, driven by the rollout of the GDPR.
In 2022, several banks in South Africa have been targeted by phishing attacks. In these attacks, people have been receiving emails requesting them to validate their bank details. These emails contain dodgy links to fake sites that are designed to mimic the bank’s official website. Here, the attackers endeavour to steal sensitive information like login credentials and banking details. Nearly 11 million attacks were recorded in Africa in Q2 of 2022 alone.
Phishing continues to be among the most common types of cyberattack that organisations and internet users in general encounter today. In the office, phishing attacks are particularly important since falling victim to one can expose companies to significant risks. By getting access to data or networks, hackers can then perform other cyberattacks and fraudulent activities.
In 2022, you simply cannot afford to have gaps in your cyber security strategy. There are numerous pillars to cybersecurity, but phishing security is one of the most important. Firewalls and other technological solutions are important, but if you do not apply the same focus to your employees, you will find many vulnerabilities in your cybersecurity.
A cybersecurity strategy that includes technical safeguards and employee security awareness and training will provide the best opportunity to lower attack success rates and minimise the impact that cybercrime can have on your organisation.
TSC has been aiding organisations across a variety of sectors for over 20 years on phishing schemes. We can provide engaging and gamified eLearning courses that will teach secure behaviours to your employees in a manner that maximises retention. We can also keep this messaging consistent within your organisation with a library of free and bespoke resources available to show how to spot phishing attempts and how best to report such cyberattacks.
We at TSC are always hammering home the mantra that new cybersecurity threats are always evolving, innovating, and waiting to pounce. When your organisation closely monitors the landscape and reflects cyber risks in training and development, you give your employees the power to detect, avoid, and report phishing attempts.
If you would like more information about how The Security Company can help deliver security awareness training, raise awareness, increase security skills, and establish a secure culture, or how we can run a behavioural research survey to pinpoint gaps in your security culture, please contact Jenny Mandley.