38 Phishing Statistics You Should be Aware of in 2024 and Beyond
Last Updated on February 8, 2024 by James Wilson
Cybersecurity is incredibly important, especially for those who run businesses or are in the hosting industry. Although we are all more aware of cybercrime in 2024, unfortunately, that doesn’t stop it from happening.
Phishing is kind of what it sounds like. Hackers maliciously attempt or successfully obtain sensitive private data. This includes things like credit card details, usernames, and passwords, etc.
Hackers have a way of phishing by hiding behind organisations or pretending to be someone they’re not.
General Phishing Statistics
- As of Q3 2019, phishing attacks were at their highest they’ve been in 3 years
- Phishing is the number 1 cause of data breaches
- Fraudulent transfers are sent to more than 140 countries
- 68% of all phishing websites use HTTPS protocol
- 78% of known cyber-espionage incidents involved phishing
- 90% of successful data breaches and hacks spawn from phishing attacks
- 66% of people aged 55+ recognise the term phishing
- Only 47% of 18-22-year-olds know what phishing means
Industry Phishing Statistics
- SaaS and webmail are the most targeted industry sectors with 33% of all phishing attacks
- Financial institutions account for 19% of phishing attacks
- Cloud storage and file hosting have a 4% target rate
- Smaller companies with 1-250 employees will have 1 in 323 emails that are malicious
- 1 in 258 mining industry emails will be malicious
- 59% of Japanese organisations suffered data loss from a phishing attack
Worldwide Phishing Statistics
- 1 in 118 emails in Saudi Arabia will be malicious
- Only 1 in 674 U.S. emails are considered malicious
- 65% of U.S. organisations measure their phishing costs in terms of downtime
- The primary destinations of fraudulent fund transfers are China and Hong Kong
- Germany was the most targeted country by malicious mailshots in Q3 2018
- Guatemala was the country with the highest percentage of users attacked in Q3 2018, with 19%
- Phishing attacks on British companies have decreased by 80% since 2014
Impact of Phishing Statistics
- For a medium-sized company, the average cost of a phishing attack is £1.27 million
- Google and Facebook lost £79 million in 2018 due to a phishing attack
- 4% of all emails are phishing emails
- 30% of phishing emails bypass default security measures
- A data breach with a lifecycle under 200 days costs £950,000 less than those over 200 days
- In January 2017, a Gmail phishing scam targeted nearly 1 billion users worldwide
- Out of all emails sent, spam accounts for 45% of them
Phishing Methods Statistics
- In 2012, 91% of cyber attacks started with a spear-phishing email
- Of groups conducting cyberattacks, 65% use spear-phishing as their main infection vector
- In the last 12 months, more than 5,200 SharePoint emails were phishing emails
- 2,000 attacks involved OneDrive
- 32% of data breaches stem from phishing attacks
- 9.2 million emails were reported as suspicious in 2019
- Nearly 83% of spam emails are less than 2KB in size
- In 2018, URL phishing detections increased by 269%
- 51% of phishing attacks contain links to malware
- 48% of malicious email attachments are Microsoft Office Files
References
- https://docs.apwg.org/reports/apwg_trends_report_q3_2019.pdf
- https://www.propellercrm.com/blog/email-spam-statistics
- https://securelist.com/spam-and-phishing-in-q3-2018/88686/
- https://www.varonis.com/blog/cybersecurity-statistics/
- https://www.proofpoint.com/us/security-awareness/post/attack-spotlight-onedrive-phishing-emails-lead-credential-compromise
- https://www.ibm.com/security/data-breach
- https://info.phishlabs.com/hubfs/2018%20PTI%20Report/PhishLabs%20Trend%20Report_2018-digital.pdf
- https://pdf.ic3.gov/2018_IC3Report.pdf
- https://www.symantec.com/security-center/threat-report
- https://docs.apwg.org/reports/apwg_trends_report_q1_2019.pdf
- https://newsroom.trendmicro.com/press-release/cyberthreat/trend-micro-finds-shifting-threats-require-businesses-rethink-security-pri
- https://info.wombatsecurity.com/hubfs/2018%20State%20of%20the%20Phish/Wombat-StateofPhish2018.pdf
- https://info.wombatsecurity.com/hubfs/Wombat_Proofpoint_2019%20State%20of%20the%20Phish%20Report_Final.pdf
- https://www.avanan.com/how-email-became-the-weakest-link
- https://enterprise.verizon.com/resources/reports/dbir/
- https://blog.dashlane.com/phishing-statistics/
- https://www.techradar.com/news/phishing-attacks-see-major-rise
- https://www.microsoft.com/security/blog/2018/10/17/how-office-365-learned-to-reel-in-phish/
- https://www.proofpoint.com/sites/default/files/gtd-pfpt-us-tr-state-of-the-phish-2020.pdf
- https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report-emea.pdf
- https://cofense.com/phishing-attack-shut-19-minutes-cofense-triage/
- https://securelist.com/spam-report-q3-2019/95177/