10 Facts About Phishing Risk & Dangerous Employee Behavior That You Must See

January 13, 2022

It may be a new year, but some things never change; phishing threats continue to plague businesses as they flood employee inboxes bringing threats like ransomware, malware, account takeover and business email compromise into their environment every day. An estimated 80% of companies say that they experienced an increase in the number of phishing attacks they faced in 2021, and no one expects that to slow down anytime soon.  




10 Facts About Phishing Risk & Dangerous Employee Behavior


  • One-fifth of employees in a 2020 survey fell for phishing tricks and interacted with spurious emails. 
  • 45% of employees click emails they consider to be suspicious “just in case it’s important.” 
  • 1 in 3 employees are likely to click the links in phishing emails.   
  • 41% of employees failed to notice a phishing message because they were tired.   
  • 47% of workers cited distraction as the main factor in their failure to spot phishing attempts. 
  • 30% of phishing messages get opened by targeted users.
  • 1 in 8 employees are likely to share information requested in a phishing email.     
  • 60% of employees opened emails they weren’t fully confident were safe.   
  • 45% of employees never report suspicious messages to IT for review.      
  • 95% of attacks on business networks are the result of successful spear phishing.    



Phishing is a Budget Buster 


More email coming into businesses means more phishing messages that could land in an employee’s inbox, and any phishing message that an employee receives has the chance of spawning a data breach. An estimated 306.4 billion emails were sent and received each day in 2020, triple the average increase of past years. That figure is expected to continue to grow steadily as companies continue to grapple with the implications of the ongoing pandemic and virus variants that could lead to long-term remote work becoming the norm. If email volume continues to trend the way that experts expect, it is estimated to reach over 376.4 billion daily messages by 2025.     

The 2021 Ponemon Cost of Phishing Study shed light on the massive revenue hits that companies can suffer in the wake of a successful phishing attack like a ransomware disaster. The biggest takeaway from this report is the colossal increase in the cost of a phishing attack for businesses. Researchers say that the cost of phishing attacks has almost quadrupled over the past six years, with large US companies losing an average of $14.8 million annually (or $1,500 per employee) to phishing. That’s without adding the expense of dealing with an incident investigation, regulatory penalties or ransoms (and paying ransoms can be illegal).   




What Increases or Decreases Phishing Risk? 


The Top 5 Sectors in Which Employees Interact with Phishing Messages the Most    

  1. Consulting   
  2. Apparel and Fashion Accessories   
  3. Education   
  4. Technology   
  5. Conglomerates/Multi-Nationals   

Learn more about which companies and locations are most endangered by phishing: Where Does Phishing Start? This Report Lays it Out

How Frequently Will Employees Encounter Malicious Messages? 

Phishing is a really big deal, and a really complex problem for businesses to pin down as they consider their options for email security that will keep malicious messages away from employee inboxes.   

  • In an organization with 1–250 employees, one in 323 emails will be malicious.   
  • In an organization of 1001–1500 employees, one in 823 emails will be malicious.  

Learn more about analyzing a company’s phishing risk: Here’s What Increases & Decreases Your Phishing Risk  




Who Clicks on Phishing Messages? 


A recent experiment by Canadian security researchers exposed the sad truth: an estimated 25% of North American workers tested were fooled by phishing emails, leading to some dangerous consequences.  

  • 67% of clickers (13.4% of overall users) submitted their login credentials, up substantially from 2019 when just 2% submitted their credentials
  • The Public Sector and Transportation workers struggled the most, posting a click rate of 28.4%  
  • The Education, Finance and Insurance sectors performed considerably better than others, with click rates of 11.3% and 14.2% (tied)  
  • Users in North America struggled the most with the phishing simulation, posting a 25.5% click rate and an 18% overall credential submission rate  
  • About 7 out of every 10 clickers willingly compromised their login data  
  • Users in Europe exhibited lower click and submission rates of 17% and 11%, respectively. 

Learn more about who falls for phishing: Who Falls for Phishing? 




Conventional Email Security Can’t Handle the Rising Tide of Phishing Threats


As security solutions and training improve, phishing is also evolving. Cybercriminals are perpetrating attacks that use highly sophisticated methodology, and that can spell disaster for businesses. An estimated 97% of employees in a wide array of industries are unable to recognize a sophisticated phishing email.

Why Are Conventional Email Security Solutions and SEGs a Path to Phishing Defensive Failure? 

We analyzed the performance of other types of email security solutions as well as automated email security in our report on The State of Email Security 2021 and a comparison of the data uncovers several pertinent facts to keep in mind.  

  • 90% of undetected phishing attacks are discovered in an environment that uses an SEG  
  • 1 in 4 companies is at risk of an email security related data breach
  • Only 17% of email solutions and SEGs were able to detect previously unknown malware  
  • Companies investing in automation have a four-fold advantage in stopping a targeted cyberattack. 
  • 34% of standard security tools could spot unknown credential phishing links  
  • 80% of phishing sites linked in suspicious messages in 2020 used SSL to bypass threat lists
  • Security automation can save more than 80% of the cost of manual security. 
  • Automated email security detects up to 40% more phishing attacks than conventional security or an SEG



Stop phishing with the most simple, automated & affordable phishing defense available: Graphus 


Why should you choose Graphus? Because you’ll get cutting-edge protection from cybercrime at an excellent price. Using AI-powered, automated email security with an award-winning solution is a smart move for businesses of every size. 

  • You’ll gain a powerful guardian that fits perfectly into your IT budget and protects your business from some of today’s nastiest threats like spear phishing, business email compromise, ransomware and other horrors.
  • Plus, automated security is up to 40% more effective at spotting and stopping malicious messages like phishing emails than an SEG or conventional security.
  • Get detailed, actionable threat intelligence with the Graphus Threat Intelligence add-on, featuring detailed reports on the malicious or compromised IP and email addresses, URLs, and attachment hashes used in cyberattacks that target your users. 

Don’t wait until cybercriminals are dangling tempting lures in front of your employees to take action and provide your business with best-in-class email security. Let us show you how the triple-layered protection that your business gets from Graphus is exactly what you need to keep your organization safe from phishing.  

Addressing the dangers of phishing is a smart way for businesses to reduce their risk of a damaging data breach. One of the best ways to do that is to prevent the inevitable mistakes that employees will make by keeping them out of the picture with Graphus.


