pink and blue colorful banner

Risky and They Know It: 96% of Risk-Taking Users Aware of the Dangers but Do It Anyway, 2024 State of the Phish Reveals

Share with your network!

We often—and justifiably—associate cyberattacks with technical exploits and ingenious hacks. But the truth is that many breaches occur due to the vulnerabilities of human behavior. That’s why Proofpoint has gathered new data and expanded the scope of our 2024 State of the Phish report.  

Traditionally, our annual report covers the threat landscape and the impact of security education. But this time, we’ve added data on risky user behavior and their attitudes about security. We believe that combining this information will help you to: 

  • Advance your cybersecurity strategy 
  • Implement a behavior change program 
  • Motivate your users to prioritize security 

This year’s report compiles data derived from Proofpoint products and research, as well as from additional sources that include:  

  • A commissioned survey of 7,500 working adults and 1,050 IT professionals across 15 countries 
  • 183 million simulated phishing attacks sent by Proofpoint customers 
  • More than 24 million suspicious emails reported by our customers’ end users 

To get full access to our global findings, you can download your copy of the 2024 State of the Phish report now. 

Also, be sure to register now for our 2024 State of the Phish webinar on March 5, 2024. Our experts will provide more insights into the key findings and answer your questions in a live session. 

Meanwhile, let’s take a sneak peek at some of the data in our new reports. 

Global findings 

Figure 1

Here’s a closer look at a few of the key findings in our tenth annual State of the Phish report. 

Survey of working adults 

In our survey of working adults, about 71%, said they engaged in actions that they knew were risky. Worse, 96% were aware of the potential dangers. About 58% of these users acted in ways that exposed them to common social engineering tactics. 

The motivations behind these risky actions varied. Many users cited convenience, the desire to save time, and a sense of urgency as their main reasons. This suggests that while users are aware of the risks, they choose convenience. 

The survey also revealed that nearly all participants (94%) said they’d pay more attention to security if controls were simplified and more user-friendly. This sentiment reveals a clear demand for security tools that are not only effective but that don’t get in users’ way. 

Survey of IT and information security professionals 

The good news is that last year phishing attacks were down. In 2023, 71% of organizations experienced at least one successful phishing attack compared to 84% in 2022. The bad news is that the consequences of successful attacks were more severe. There was a 144% increase in reports of financial penalties. And there was a 50% increase in reports of damage to their reputation.  

Another major challenge was ransomware. The survey revealed that 69% of organizations were infected by ransomware (vs. 64% in 2022). However, the rate of ransom payments declined to 54% (vs. 64% in 2022).  

To address these issues, 46% of surveyed security pros are increasing user training to help change risky behaviors. This is their top strategy for improving cybersecurity. 

Threat landscape and security awareness data 

Business email compromise (BEC) is on the rise. And it is now spreading among non-English-speaking countries. On average, Proofpoint detected and blocked 66 million BEC attacks per month. 

Other threats are also increasing. Proofpoint observed over 1 million multifactor authentication (MFA) bypass attacks using EvilProxy per month. What’s concerning is that 89% of surveyed security pros think MFA is a “silver bullet” that can protect them against account takeover.  

When it comes to telephone-oriented attack delivery (TOAD), Proofpoint saw 10 million incidents per month, on average. The peak was in August 2023, which saw 13 million incidents. 

When looking at industry failure rates for simulated phishing campaigns, the finance industry saw the most improvement. Last year the failure rate was only 9% (vs. 16% in 2022). “Resilience factor” is a metric that compares how many users reported simulated phishing emails versus how many users fell for them. The overall resilience factor has steadily gotten better over the past three years (1.5 in 2021 vs. 2.0 in 2023). 

Regional findings 

For the second consecutive year, Proofpoint is offering regional summaries of our State of the Phish survey data. Here’s a look at some of those key findings. 

North America 

Note that these data points are not featured in the global 2024 State of the Phish report. But they are still worth noting, so we’re highlighting them here.  

Among the 15 countries in our survey, 81% of U.S. organizations experienced a TOAD attack, second only to Sweden. 

Of U.S. organizations, 77% reported paying a ransom. This is much higher than the global average of 54%. Notably, U.S. organizations were also the most likely to regain access to their data after paying one or more ransoms compared with the 15 other countries in our survey. 

When asked about the results following a successful phishing attack, Canadian IT and infosec professionals reported that the loss of data or intellectual property was the most common consequence that their business experienced. 

Europe and the Middle East (EMEA) 

EMEA countries experienced more TOAD attacks than the global average (70% vs. 67%). 

In this region, one country had users who took the most risks—more than any other country in our survey. In the United Arab Emirates, 86% of users said they took a risky action. 

EMEA organizations that paid a ransom dropped to an average of 56% (compared to 64% in 2022). Germany had the highest proportion of organizations that said they paid a ransom (93% vs. 54% global average). 


Fewer organizations globally reported that they experienced a BEC attack. However, Japan saw a 35% increase year over year in the number of organizations that experienced this type of attack. 

Ransomware infection trends increased slightly in the region, with more South Korean organizations reporting that they experienced an infection (72% in 2023 vs. 48% in 2022). 

At 72%, Australia had the most users that engaged in risky behavior compared with other countries in the region (the average was 63%). 


Compared with our global survey data, the impact of a successful phishing attack has shifted more dramatically in Brazil. More Brazilian organizations reported an increase in consequences involving zero-day exploits, direct financial loss and credential theft. 

In Brazil, users are motivated to take risks to meet an urgent business objective versus a personal one such as convenience. 

About the report 

The 2024 State of the Phish report provides data, insight and actionable advice. It covers: 

  • Observations from Proofpoint products and research to provide insights into the latest threat trends 
  • How generative AI technologies are impacting the effectiveness of cyberattacks and elevating the risk exposure for businesses 
  • Complex attacks such as MFA phishing and TOAD 
  • User behaviors and attitudes about security and risks 
  • Benchmark data for a range of metrics, such as failure rates, reporting rates and resilience across industries, departments and phishing simulation campaigns 
  • Key insights into building security culture, like the discrepancy in perception between security teams and end users 

Get more in-depth insights 

In the ever-evolving landscape of cybersecurity, one thing remains constant: the human factor. Throughout 2023, organizations worldwide grappled with an array of cybersecurity challenges. Now, more than ever, embracing a human-centric security strategy stands out as the ultimate solution against these relentless threats. 

Download your copy of the 2024 State of the Phish report from Proofpoint now.