Circle 01
Circle 02
Circle 03

Join our mailing list

Subscribe to the TSC newsletter to receive exclusive news and advice
  • 01 November 2022
  • 4 min read

Phishing: which countries are best prepared for phishing attacks?

Which countries are the best at dealing with phishing attacks and who needs to improve their resistance and awareness levels.

A recent report by Hoxhunt has revealed the countries with organisations with the best and safest performance against phishing attacks.

Global Phishing Statistics 2022

Hoxhunt’s study, titled  Behavioural Cybersecurity Statistics 2022, is based on analysis of interactions spanning 1.6 million people across 24.7 million simulations in over 100 countries. There is a lot of data to draw from and a lot of conclusions to be made.

In today’s blog we will break down the key findings from the report and what it tells us about differences in phishing awareness across global regions.

Important email and phishing stats 2022

  • 1 in 3 employees are likely to click links in phishing emails (CyberNews)
  • 60% of employees open emails that theywere not fully confident was safe (Dark Reading)
  • 45% of employees click emails they consider to be suspicious just in case it is important (Dark Reading)
  • 41% of employees do not notice a phishing email because they are tired (ID Agent)
  • 1 in 4 employees admit to clicking on a phishing email at work (Stanford University)

How does this phishing study draw its data?

The study analyses responses to phishing with great detail. Users from these countries were subjected to simulated phishing attacks as part of their security awareness training. The reactions to these simulated attacks were observed and classified according to the following three indicators:

  • “Success” is when the user successfully reports a simulated phishing attack.
  • “Failure” is when the user clicks on a simulated malicious link or downloads a simulated malicious attachment.
  • “Miss” is when the user neither clicks nor reports a simulated phishing attack.

The study then applies a percentage value to the three different indicators.

Which countries are the best prepared for phishing attacks?

Below are the nations with the best and safest behaviours in response to phishing attempts. Recuring nations include Hungary, Austria, Switzerland, and Denmark.

Phishing Statistics Table 1

Which countries were the worst prepared for phishing attacks?

In contrast, below you will find the worst performing countries when it comes to ransomware attacks. Recurring nations include China, Saudi Arabia, Peru, and Myanmar.

Phishing Statistics Table 2

What does the ideal phishing response look like?

In an ideal world, organisations should have high success rates and low failure and miss rates to indicate employees are armed with important knowledge and high cybersecurity awareness. A high success rate and low failure rate reflects a workforce’s ability to spot fake messages in a phishing attack and respond correctly.

What does this data tell us?

While developed countries like the US and UK continue to be the prime target for cyberattacks, other territories are seeing a spike in attacks too. Phishing is a global phenomenon, so organisations the world over must be proactive in tracking the phishing trends in their regions.

About Europe

Based on the results, European nations appear to have performed the best among the participating countries, displaying high success rates and low failure rates. Cybersecurity Awareness, as an industry, has been around longer in Europe and this could be the reason for increased security maturity in the region. Furthermore, the positive performance of many European countries in attack simulations can also be explained by EU regulations. Members of the European Union (EU) have heightened sensitivities towards cybersecurity and privacy, which are engrained in EU Law.

About the US and UK

Interestingly, the United States was in the middle of the pack with a success rate of 55.6%, a failure rate of 5.5% and a miss rate of 38.9%. The UK (success 60.8%, failure 5.1% and miss 34.1%) also performed well. One could attribute both nations’ good scores to official rules and regulations.

For example, the General Data Protection Regulation (GDPR), which was put in effect in 2018, prompted European companies and organisations to invest in cybersecurity measures as part of their compliance to data privacy policies. In the UK alone, the cybersecurity sector has grown by 46 percent since 2017, driven by the rollout of the GDPR.

About Africa

In 2022, several banks in South Africa have been targeted by phishing attacks. In these attacks, people have been receiving emails requesting them to validate their bank details. These emails contain dodgy links to fake sites that are designed to mimic the bank’s official website. Here, they endeavour to steal sensitive information like login credentials and banking details. Nearly 11 million attacks were recorded in Africa Q2 of 2022 alone.

Phishing is still a major cyberthreat!

Phishing continues to be among the most common type of cyberattack that organisations and internet users in general encounter today. In the office, phishing attacks is particularly important since falling victim to one can expose companies to significant risks. By getting access to data or networks, hackers can then perform other cyberattacks and fraudulent activities.

In 2022, you simply cannot afford to have gaps in your cyber security strategy. There are numerous pillars to cybersecurity, but phishing security is one of the most important. Firewalls and other technological solutions are important, but if you do not apply the same focus to your employees, you will find many vulnerabilities in your cybersecurity.

A cybersecurity strategy that includes technical safeguards and employee security awareness and training will provide the best opportunity to lower attack success rates and minimise the impact that cybercrime can have on your organisation.

TSC has been aiding organisations across a variety of sectors for over 20 years on phishing schemes. We can provide engaging and gamified eLearning courses that will teach secure behaviours to your employees in a manner that maximises retention. We can also keep this messaging consistent within your organisation with a library of free and bespoke resources available to show how to spot phishing attempts and how best to report such cyberattacks.

We at TSC are always hammering home the mantra that new cybersecurity threats are always evolving, innovating, and waiting to pounce. When your organisation closely monitors the landscape and reflects cyber risks in training and development, you give your employees the power to detect, avoid, and report phishing attempts.

If you would like more information about how The Security Company can help deliver security awareness training, raise awareness, increase security skills, and establish a secure culture, or how we can run a behavioural research survey to pinpoint gaps in your security culture, please contact  Jenny Mandley.

Written by
Nas Ali
Cyber security and awareness content creator focused on emerging threats and the next wave of cyber security risks like AI, deepfakes and tech 4.0 initiatives in order to build towards a more secure organisational culture.
View Profile

See how we can help you protect your organisation today?

Circle 01
Circle 02
Circle 03

Join our mailing list

Subscribe to the TSC newsletter to receive exclusive news and advice