
2021 ‘State of the Phish’ Explores the Critical Need for People-Centric Security, User Resilience


We are excited to announce the launch of our State of the Phish report, a yearly look at user awareness, vulnerability, and resilience. More data-rich than ever, this seventh annual study features analysis of survey responses, simulated phishing exercises, and real-world attacks to provide insights into phishing and other cyber threats—and what you can do about them.

This year’s report compiles data from multiple sources, including:

  • A third-party survey of 3,500 working adults across seven countries (Australia, France, Germany, Japan, Spain, the United Kingdom, and the United States)
  • A third-party survey of 600 infosec professionals across those same seven countries
  • More than 60 million simulated phishing attacks sent by Proofpoint customers over a one-year period
  • About 15 million suspicious emails reported by our customers’ end users

About the Report

State of the Phish focuses on analytical, actionable insights into the current state of the phishing threat. We cover:

  • Issues and impacts organisations dealt with following socially engineered attacks in 2020
  • Organisation-, industry-, and department-level failure, reporting, and resilience data
  • The influence emerging threats and organisation-specific data can (and should) have on your overall cyber-defence plan
  • End-user awareness gaps and cybersecurity behaviours that could be introducing preventable risk within your organisation
  • Security awareness training trends and advice about how to make your program work more effectively for your organisation

Sneak Peek: Global Findings

  • 98% of infosec professionals we surveyed said their organisation has a security awareness training program—but only 64% offer formal training sessions as part of their program.
  • Two-thirds of survey respondents said their organisation experienced a ransomware infection in 2020—and more than half of those decided to pay the ransom in the hopes of quickly regaining access to data.
  • Among those who paid a ransom in 2020, nearly 40% were hit with additional demands following an initial payment—a 320% year-over-year increase.
  • Automated email reporting offers a critical path to understanding user resilience. A tool like our PhishAlarm® email reporting plug-in enables organisations to calculate their resilience factor. This measurement, which compares phishing test failure rates to reporting rates, can help organisations determine which activity happens with more regularity among users.
  • Over our 12-month measurement period, our customers’ end users reported more than 800,000 active credential phishing attacks and more than 35,000 emails with malware payloads (including remote access Trojans, keyloggers, and advanced persistent threats).
  • We compared the top-20 Very Attacked People (VAP) from a large financial services provider and a healthcare system over a three-month span and found that:
    • Attackers’ focus on VIPs can vary significantly by industry and over time.
    • Many malicious emails were sent to individual aliases (like those for VIPs) and group aliases (like those for general groups such as customer service).
    • The financial services provider saw many attacks targeted at an affiliate global payment provider.
    • Healthcare practitioners—including physicians, nurse practitioners, and specialty caregivers—appeared in the healthcare system’s top 20 VAPs across all three months analysed.

Sneak Peek: Regional Findings

United States

  • 68% of U.S. respondents in our third-party survey of infosec professionals said their organisation opted to pay a ransom following a ransomware attack in 2020, twice the global average.
  • 75% of U.S. working adults surveyed said they grant friends and family members access to work-issued devices. This is well above the global average (52%) and a marked increase from 2019 (61%).


  • According to our survey results, French organisations were the least likely to experience smishing (SMS/text phishing) attacks, vishing (voice phishing) attacks, malicious USB drops, and social media-based attacks in 2020.
  • At 47%, German infosec professionals were least likely to say their organisation experienced a successful phishing attack in 2020.
  • Just 35% of Spanish organisations use a consequence model (meaning, strategic punishments for users who regularly fall for real or simulated phishing attacks). This is the least among all regions surveyed and well below the 55% global average.
  • Only 63% of UK organisations train users about email-based phishing, the lowest of any region surveyed.


  • 64% of Japanese organisations dealt with credential compromise as a result of successful phishing attacks in 2020. This is the most of all regions surveyed and well ahead of the global average (52%).
  • 67% of Australian infosec professionals surveyed said their organisation was infected with phishing-based ransomware. This is well above the 47% global average—and approaching three times higher than their French counterparts (25%).

Download the Report for More Global Findings and Regional Insights

There’s no question that 2020 was a challenging year for organisations and individuals alike. Our look back can help you move forward with greater clarity on how to prepare your people to be a stronger last line of defence against phishing and other social engineering attacks.

The information presented here merely scratches the surface of what is explored throughout the 2021 State of the Phish report. Download your copy for full access to findings.

In addition, be sure to register for our February 11 webinar, which will highlight State of the Phish analysis and advice about using the report to guide data collection efforts and cybersecurity education initiatives within your organisation.