A new report from KnowBe4 says Australia and New Zealand (ANZ) employees need to play catch-up against regional colleagues by improving their vigilance in identifying malicious links and other forms of phishing.
The 2024 Phishing Benchmarking Report for Australia and New Zealand shows that without security training, across all industries, one in three (34.4%) employees in ANZ are likely to click on a suspicious link or comply with a fraudulent request.
As a comparison, ANZ leads North America, South America and Africa but trails the UK, Europe and Asia at large – which is now the global leader at 28.4%.
KnowBe4 analysed over 54 million simulated phishing tests across more than 11.9 million users from 55,675 organisations in 211 countries. The resulting baseline PPP measures the percentage of employees in organisations that had not conducted any KnowBe4 security training, who clicked a simulated phishing email link or opened an infected attachment during testing.
The findings in the report clearly demonstrate the effectiveness of combining simulated phishing security tests with security awareness training.
ANZ organisations that engaged in consistent training and testing experienced a substantial decrease in their average PPP to from 34.4% to 19.1% within the first 90 days and a further reduction to 5.5% after a year of continuous training and testing.
The most notable improvement in ANZ was observed within large organisations, where the initial PPP at Phase 1 of 40.3% was substantially reduced to 4.7% in Phase 3, an 88.28% improvement. This significant favourable movement serves as a testament to the efficacy of robust and continuous security awareness training, along with rigorous testing protocol, in strengthening cyberdefences.
The considerable overall improvement in PPP over three and 12 months is evidence that transforming cybersecurity culture requires breaking existing habits to make way for more secure ones.
Other highlights include:
- Cyber-risk is the primary concern for businesses in APAC, with malware, ransomware and social engineering attacks being the most common attack strategies
- Cybersecurity breaches are having a profound impact on businesses in Oceania. Preparedness levels among individuals and enterprises may be lower, exacerbating vulnerability to cyberthreats
- The shortage of trained cybersecurity professionals increases the risk of inadequate threat mitigation
- Interest in security culture within the region has progressively gained momentum – underscoring significant progress in security culture across ANZ
- Recent developments in government regulations see a notable shift toward the adoption of more secure practices
- Organisations in the region are concerned with AI as an emerging threat vector
“With the Asia-Pacific region experiencing a significant surge in cyberattacks compared to its global counterparts, this report reinforces the crucial role the human element plays in cybersecurity.
“Although technology is important for preventing and recovering from cyberattacks, human error is still a big contributing factor to data breaches. Although it’s encouraging to see ANZ phishing results showed an improvement from last year, AI-driven threats will increase so it’s imperative that organisations continue to strengthen the human firewall with regular and focussed security awareness training,” said Dr Martin Kraemer, Security Awareness Advocate, KnowBe4.
Click below to share this article