New Research Reveals Critical Infrastructure Employees Are More Likely to Detect and Report Phishing and Malicious Emails
Two thirds report a real malicious email attack within first year of training; threat detection behavior is 20 percent higher than industry average
MINNEAPOLIS, July 19, 2023 /PRNewswire/ -- Hoxhunt, the market leader in security behavior change, today released the findings of its latest research, the 'Human Cyber-Risk Report: Critical Infrastructure'. This report, which examined human risk in the critical infrastructure sector, analyzed over 15 million phishing simulations and real email attacks reported in 2022 by 1.6 million people participating in security behavior change programs. The research highlights that critical infrastructure employees are comparatively more engaged in organizational security, as their phishing reporting and miss rates indicate.
The report revealed that 66 percent of active participants in security behavior training programs at critical infrastructure organizations detect and report at least one real malicious email attack within a year of commencing training. Resilience velocity, the speed at which an organization reaches its highest level of actual threat detection behavior, is also 20 percent higher in the critical infrastructure sector, with organizational threat detection rates reaching high points at 10 months, compared to the 12-month average in most other industries.
Phishing simulation success rates, the act of reporting a simulation and not skipping or failing it, in critical infrastructure is 61 percent higher than the global average after 12 months. In addition, resilience ratios, success rate versus failure rate, is 51 percent higher in critical infrastructure - 10.9 for critical infrastructure compared to the 7.2 global industry average.
The report also reveals that critical infrastructure employees are most likely to fall victim to spoofed internal organizational communications. While this is the most effective type of phishing attack across most sectors, Hoxhunt's study found that these types of attacks induce an 11.4 percent higher failure rate in the critical infrastructure sector compared to global averages.
"Over the past several years, attacks on critical infrastructure have become all too common, leaving fuel pumps and store shelves empty," said Mika Aalto, CEO and co-founder of Hoxhunt. "In response, critical infrastructure organizations and their employees are exponentially more aware and cautious of malicious activity. This higher state of caution has spurred many security and risk leaders to move away from traditional security awareness programs and choose new innovations like Security Behavior Change products to achieve true risk reduction."
The research also highlights that communication, marketing, and business development departments are most likely to be victims of phishing attacks. The most resilient departments are finance, sales, and legal. These results track with global averages except for the high performance of sales, whose success in critical infrastructure is greater than the global average.
The full research report can be found here. To learn more about Hoxhunt and to request a demo, please visit: https://www.hoxhunt.com/.
About Hoxhunt
Hoxhunt helps security leaders and employees join forces to prevent data breaches. Hoxhunt is a Human Risk Management platform that goes beyond security awareness to drive behavior change and measurably lower risk. Data breaches start with people, so Hoxhunt does too. It combines AI and behavioral science to create individualized micro-training experiences people love. Employees learn to detect and report advanced phishing attacks. Operations teams respond fast with limited resources. And security leaders gain outcome-driven metrics to document reduced cybersecurity risk.
Media Contact
Caroline Dobyns
Lumina Communications for Hoxhunt
[email protected]
SOURCE Hoxhunt
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article