Phishing - statistics & facts

Overview
Key figures
Statistics

Published by Statista Research Department, Jul 6, 2022

Phishing – a common term associated with email fraud has emerged as one of the most prominent forms of cyberattacks today. Victims are lured via fake correspondence, often in the form of emails or social media messages leading to carefully constructed phishing sites. Such sites, often masquerading as log-in pages or online forms then capture users’ data which is subsequently used to commit online fraud or identity theft. It is also not uncommon for links in one of these cleverly disguised messages to create a gateway for malware to make its way into a system. In 2020, phishing mails were a leading point of entry for ransomware, constituting up to 54 percent of digital vulnerabilities. Poor user practices and lack of cybersecurity training were also significant contributors, both of which are factors closely related to interaction with phishing messages.

Rise in attacks since COVID-19

With the coronavirus pandemic shifting daily activities online in many parts of the world, cybercrime has risen to the forefront. The third quarter of 2021 saw an unprecedented surge of unique phishing websites – an increase of over 400 thousand to be exact. This figure continued to rise in the fourth quarter that year. In 2020, Mongolia and Israel were the countries most targeted by phishing attacks, followed by France. With an increasing rate of attacks comes a growing investment in cybersecurity, an industry which is forecast to reach 345 billion U.S. dollars worldwide by 2026 - a nearly 60 percent increase from 2021.

Are employees at fault?

Although being distracted was a leading cause of employees clicking on phishing e-mails, being fooled by legitimate looking messages came in a close second. Just over 40 percent had assumed the e-mails came from a senior executive at their organization, another testament to the accuracy of spear phishing – a highly targeted form of the attack, drawing from user contact lists and internet activity to further personalize messages sent. While the highest number of accidental clicks come from employees aged between 31 to 50, younger members of staff appear to be better at covering their tracks. Up to 42 percent of 16 to 24 year olds admitted to having made cybersecurity mistakes that their company will never know about. Meanwhile, this share was significantly less in the 35 to 54 age group.

U.S. Healthcare sector most targeted

In 2020, after the worst of the coronavirus pandemic only 18 percent of cybersecurity professionals said that they had experienced an increase in digital attacks between April and June that year. Over half claimed they had seen no change in the area. A year on however, the story was quite different with nearly half admitting to having seen at least a small increase in attacks following COVID-19. In FY 2019, the Department of Health and Human Services was the most targeted government sector by cybercriminals in the United States. The largest share of breaches occurred due to slip-ups or policy violations by authorized users, again highlighting the critical role employee training plays in stemming future attacks.

This text provides general information. Statista assumes no liability for the information given being complete or correct. Due to varying update cycles, statistics can display more up-to-date data than referenced in the text.