An alarming 83% of global companies suffered email phishing attacks last year, according to Proofpoint’s 2019 State of the Phish report.
The study analyzes reactions to 130 million incoming cyber security questions and offers.
It shows that while some companies excel at training their employees to sidestep attacks — overall, Proofpoint sees signs of improvement in awareness — many still don’t.
The most inept departments included customer service, security and facilities, which answered 25% of security questions incorrectly. However, the security department could cover both physical and cyber security, the report notes.
Hospital employees fared the worst in physical security risks, getting 22% of the questions wrong. But communications staffers gave the right answers to 84% of questions.
Among industries, finance did best, answering 80% correctly, while insurance industry staff were best in three of the 14 categories, including how to avoid ransomware attacks.
The report “reiterates the need to go beyond the use of phishing tests to evaluate end user susceptibility and cyber threat knowledge,” states Amy Baker, vice president of security awareness training strategy and development for Proofpoint.
Baker adds: “It’s important to remember that not all security incidents stem from an attack; many issues result from limited awareness and poor security practices.”