Users Are More Alert to Suspicious Messages in the Morning
When we compiled the data related to our PhishAlarm® email reporting tool, we found that end users are most likely to report suspicious messages during the early hours of the work day. On a related note, more messages were reported on Tuesdays, Wednesdays, and Thursdays, with Thursday logging the most PhishAlarm clicks at 22%.
More Organizations Are Measuring Phishing Risk and Impact
We’ve long extolled the values of measurement and analysis when it comes to gauging cybersecurity risks. Though there is more to managing a successful security awareness training program than tracking numbers, the ability to establish a baseline and evaluate progress over time provides clear benefits on multiple levels (strategic program planning, reporting to stakeholders, etc.).
In this year’s survey, we were pleased to see that more and more infosec professionals are embracing the idea of tracking and managing end-user risk, as well as measuring the overall impact of phishing on their businesses:
- 72% of respondents said that they assess the risk each end user poses to their organizations — a dramatic 64% increase from our 2015 survey.
- The top way infosec professionals determine end-user risk is by evaluating security awareness and training performance (48%).
- At 38%, “disruption of employee activities” was the most commonly cited negative impact of phishing attacks.
- Infosec professionals measure the cost of phishing incidents in multiple ways, including the following:
- Business impact from lost IP (41%)
- Loss of employee productivity (35%)
- Damage to reputation (8%)