Information security professionals are 10 percent less likely to report that their organization was the victim of a phishing attack in 2016 than in 2015, though that still means three-quarters of organizations were targeted and half of that same group said phishing attacks are on the rise, according to the latest State of the Phish report from Wombat Security Technologies.
The report found a 64 percent increase in the number of organizations measuring the risk posed by end users. The company also reported that it had examined more simulated phishing e-mails than in the previous year and found that click rates are improving for many industries and for organizations with mature programs.
"Our survey of the general public revealed that more people are aware of the concept of phishing than most of us probably thought," according to the report. "However, these same people struggled to identify what ransomware is. These end users also showed that they put their organizations at risk by doing things like checking personal e-mail on their work devices. Overall, this survey points to the fact that there is work to be done to teach people how to stay safe."
The report is based on "tens of millions of simulated phishing e-mails sent over a 12-month period," according to information released by Wombat, plus more than 500 survey responses from security professionals around the world representing more than 16 industries, as well as a survey of more than 1,000 end users worldwide.
Other key findings of the report include:
The full report can be found at info.wombatsecurity.com.