Phishing Statistics and Facts – 2020 Update

email phishing

An innocent-looking email from a friend. A fake email from a bank. A message that looks like it came from your company’s IT guy prompting a password change.

All it takes is one wrong click by an uninformed employee. Then hackers are in, accessing and even gaining control of your corporate system, creating a huge mess to clean up and compromising customer trust forever.

Phishing is a serious threat to any business. And as cybercriminals get increasingly sophisticated, there’s always a new threat, a cutting-edge scam, to look out for.

Keep reading to learn everything you need to know about phishing attacks in 2020 so you can keep your network safe from hackers and coach your team to prevent attacks with anti-phishing training.

Data Breaches

When hackers gain access to sensitive data like passwords they can access confidential data and leak user information across the web. Everybody from criminal gangs to state state-sponsored espionage groups likes to phish. Because it works. The scary stats prove it.

  • 32% of confirmed data breaches involved phishing. This is nearly one-third of all breaches! (Verizon 2019 Data Breach Investigations Report)
  • 70% of breaches associated with a nation-state or state-affiliated actors involved phishing. (Verizon 2018 Data Breach Investigations Report)
  • 71.4% of targeted attacks involved the use of spear-phishing emails. This kind of targeted, highly personalized attack is especially disturbing to the victim. (Verizon 2018 Data Breach Investigations Report)
  • 49% of non-point-of-sale malware was installed via malicious email. (Verizon 2018 Data Breach Investigations Report)
  • 50% of recipients open e-mails and click on phishing links within the first hour of the message being sent. (Verizon 2018 Data Breach Investigations Report)
  • Phishing emails include fake notifications from banks, e-payment systems, email providers, social networks, online games, etc. (Kaspersky Lab Report)
  • 57% of organizations report experiencing mobile phishing attacks. Hackers have set their sights on more than your computer. (Wandera’s 2020 Mobile Threat Landscape Report)
  • On April 16, 2020 Google blocked more than 18 million COVID-19 phishing emails. Everybody was searching for information. Criminals stepped in to “help.” (Google)
  • 90% of verified phishing scams were discovered in secure email gateways. Thought you were safe? Think again. Nine times out of ten, clever hackers overcame perimeter defenses. (Cofense, formerly PhishMe)
  • 37.9% of untrained users fail phishing tests. Unfortunately, many of us aren’t so smart we should opt out of phishing training. (KnowBe4),

Financial Loss

Phishing attacks mean more than data loss. If hackers get inside your corporate network, your company is liable to take a big hit. Cybercriminals will quickly transfer money out of the breached company and divert funds into their own bank accounts.

  • $3.5 million was the average cost of human error data breaches in 2019. We’re guessing this is more than your business wants to lose. (IBM/Ponemon Institute)
  • $1.7+ billion in losses resulted from BEC/EAC crimes in 2019. You’ve got to keep that business email safer. (FBI’s IC3)
  • Puerto Rico government lost $2.6 Million in a phishing attack in 2020. Costly and embarrassing. Ouch. (AP)
  • A custom phishing page costs $3–12. Who knew it was that cheap to fake a website? (Symantec)
  • 56 percent of requests for payment from phishing attacks came in the form of gift cards in Q3 2019. Other popular payments methods to watch for include payroll diversion and direct transfers. (APWG)
  • $1.5 million has been paid in bitcoin as part of sextortion schemes in 2019. (Cofense)
  • Large organizations on average spend $13 million recovering from digital attacks. That money could have gone toward phishing training, with millions left over for expansion, marketing, R&D, employee bonuses or 100 other things that would make your company a better place to work. (Accenture)