ANZ employees most likely to fall for phishing, report reveals

A new report from KnowBe4 reveals that one in three (34.4%) employees in Australia and New Zealand (ANZ) are likely to click on a suspicious link or comply with a fraudulent request. The 2024 Phishing Benchmarking Report, which measures the Phish-prone Percentage (PPP), shows that ANZ leads North America, South America, and Africa in this regard. However, it trails behind the UK, Europe, and Asia, with the latter now being the global leader at 28.4%.

KnowBe4 analysed over 54 million simulated phishing tests across more than 11.9 million users from 55,675 organisations in 211 countries. The baseline PPP measures the percentage of employees in organisations that had not conducted any KnowBe4 security training, who clicked a simulated phishing email link or opened an infected attachment during testing.

The findings suggest a clear link between security awareness training and increased resilience against cyber threats. The report shows that ANZ organisations engaging in consistent training and testing reduced their average PPP from 34.4% to 19.1% within the first 90 days, with a further reduction to 5.5% after a year of continuous training and testing.

The most significant improvement was observed within large organisations. The initial PPP of 40.3% at Phase 1 was substantially reduced to 4.7% in Phase 3, marking an 88.28% improvement. This reduction highlights the effectiveness of robust and continuous security awareness training and rigorous testing protocols in strengthening cyber defences.

The report also highlights some concerning facts: Cyber risk remains the primary concern for businesses in the Asia-Pacific (APAC) region, driven by malware, ransomware, and social engineering attacks. Cybersecurity breaches have a profound impact on businesses in Oceania, with preparedness levels among individuals and enterprises potentially lower than needed, exacerbating vulnerability to cyber threats.

Additionally, the shortage of trained cybersecurity professionals places additional pressure on existing employees, increasing the risk of inadequate threat mitigation. This talent gap potentially compounds the consequences of cyber incidents. The report also notes a progressive interest in fostering a security culture within the region, supported by IT departments aiming to effect change management and mobilise employees.

KnowBe4's findings suggest that recent developments in government regulations have driven a notable shift towards adopting more secure practices among organisations. Emerging as a concern is AI as a new threat vector. While AI can bring significant advantages, its rapid deployment has led to the advent of deepfakes in imagery, audio, and video, further complicating the detection of traditional social engineering threats.

Dr Martin Kraemer, Security Awareness Advocate at KnowBe4, commented on the report: "With the Asia-Pacific region experiencing a significant surge in cyberattacks compared to its global counterparts, this report reinforces the crucial role the human element plays in cybersecurity. Although technology is important for preventing and recovering from cyberattacks, human error is still a big contributing factor to data breaches."

He added, "It's encouraging to see ANZ phishing results showed an improvement from last year. However, AI-driven threats will increase, so it's imperative that organisations continue to strengthen the human firewall with regular and focussed security awareness training."