Here’s What Increases & Decreases Your Phishing Risk

November 11, 2021

Phishing is coming at businesses from every side, and it seems impossible to predict where it will come from next and what dangerous cyberattack is coming in its wake. The most common risk that any business faces today as well as the most potentially devastating, every IT team is constantly at war with cybercriminals as they seek to stem the tide. In the Verizon Data Breach Investigations Report 2021 phishing continued its reign in first place as the top data breach threat that businesses face today for the third straight year – and that threat is continuing to grow stronger.  

See how to avoid cybercriminal sharks in Phishing 101. DOWNLOAD IT>>

While every business is at risk of a phishing attack every day, phishing risk at any given time for a specific business can be impacted by many variables. Factors like industry, location, business trends, world events and so many more can affect the calculus too. Throughout the last few years, we’ve seen how cyberattack risk shifts in industries based on factors like public need, production pressure and profitability of their data. An estimated 74% of respondents in a business survey admitted that their companies had been successfully phished in the last year.  

Wouldn’t it be great to have threat intelligence that can give you a better idea of just how high your organization’s phishing risk may be? We can’t give you an exact assessment, but we can give you a look at factors that might impact phishing risk for your business. These fact lists can help you gain a better understanding of which businesses are most likely to be in cybercriminals’ sights. 

Looking for a security rockstar? Get 5 superstar benefits at 1 low price! SEE THE BENEFITS>>

Is Your Business Facing Any of These Risk Factors?   

Dangerous Employee Behavior   

In this year’s IBM X-Force Threat Intelligence Index, researchers noted that 97% of the employees that they studied in a wide array of industries were unable to recognize a sophisticated phishing email. So what are they most likely to do when they receive one of those carefully socially engineered and tempting messages? Probably something dangerous. 

Likelihood of Dangerous Employee Email & Phishing Behaviors  

1 in 3 employees are likely to click the links in phishing emails.  

1 in 8 employees are likely to share information requested in a phishing email.    

60% of employees opened emails they weren’t fully confident were safe  

45% click emails they consider to be suspicious “just in case it’s important.”  

45% of employees never report suspicious messages to IT for review.     

41% of employees failed to notice a phishing message because they were tired.  

47% of workers cited distraction as the main factor in their failure to spot phishing attempts.  

Every industry is being besieged by phishing. However, researchers determined that certain business sectors are the most likely to have employees that will interact with phishing messages.  

The Top 5 Sectors in Which Employees Interact with Phishing Messages the Most   


Apparel and accessories  




Phishing messages aren’t always targeted at every employee inbox. Some departments are significantly more likely to receive a barrage of sophisticated phishing messages. One major threat to watch is phishing targeted at IT departments.  Surprisingly, 75% of the businesses polled in a survey reported in Tech Republic indicated that phishing attempts were most likely to target their IT staff – and 40% of those IT staffers fell for the bait. 

Departments Most Likely to be Targeted by Phishing   

IT = 74%   

Sales =35%   

Executives = 27%   

Marketing = 25%   

Customer Support = 21%

What’s next in phishing? Find out in the 2021 State of Email Security Report! GET IT NOW>>

Added Industry Pressure

The most desirable asset that a cybercriminal can snatch from any organization is an employee credential, especially a privileged administrator or executive credential. Researchers also determined that employees in certain sectors were the most likely to hand over their credentials when faced with a phishing attempt.    

The Top 5 Sectors in Which Phishing Leads to Credential Compromise  

Apparel and accessories  


Securities and commodity exchanges  



The nature of a business is also a risk factor for phishing. Some sectors are very attractive to bad actors perpetrating phishing scams.  Companies that extensively do business through a website, platform or service will experience additional phishing risk, especially businesses in these categories. 

Website Categories Most Targeted by Phishing Attacks  

As the percentage of total recorded phishing attacks in Q1 2021  

Financial Services & Banking: 24.9%  

Social Media: 23.6%  

SaaS & Webmail: 19.6%  

Payment: 8.5%  

E-Commerce & Retail: 7.6%  

Shipping & Logistics: 5.8%  

Cryptocurrency: 2%  

Other: 8% 

Learn the secret to ransomware defense in Cracking the RANSOMWARE Code. GET BOOK>>

Rising Ransomware Risk 

The most famous (or infamous) phishing-related cyberattack that businesses face today is undoubtedly ransomware. Any organization that takes a hit from a ransomware attack is going to hemorrhage money. Ransoms have never been higher, and ransomware losses in 2021 are already up more than 300% over the same period last year, beating 2020’s record-setting pace. You may think that your business is too small for ransomware threat actors to bother with, but that’s not true – 55% of ransomware attacks now involve companies with fewer than 100 employees. 

Statista reports that just under 70% percent of businesses worldwide have been victimized by ransomware in 2021, a steep increase from the three preceding years and the highest figure reported so far. No matter where you are in the world, ransomware is a pitfall that your business faces every day.  

Where Are Cybercriminals Perpetrating the Most Ransomware Attacks? 

Asia (33%)  

North America (30%)  

Europe (27%)  

Phishing-Related Data Breach Risk 

Data is a precious commodity on the dark web, making it catnip to cybercriminals. An estimated 75% of organizations in the United States were hit by a phishing attack that resulted in a data breach in 2020 as cybercriminals looked to enhance their revenue streams. Cybercriminals can make a solid chunk of change from selling data. One unlocked database can go for as much as $20,000, or up to $50 per 1,000 entries – and that database can be sold many times to different interested parties.  

IBM Security X-Force Incident Response analyzed the incidents that they handled in 2020. While organizations in every industry are at risk of data theft through ransomware, these three were a little more at risk in 2020 than the rest.   

Industry Representation in Data Breaches 

Manufacturing                25%   

Professional Services      17%   

Government Entities      13% 

No business is out of bounds to a cybercriminal, no matter the industry or size. More than 50% of ransomware attacks in 2020 were made on SMBs with less than 100 employees. That means every organization needs powerful phishing protection to prevent disaster – and Graphus answers the call. 

Stop phishing with Graphus – the most simple, automated & affordable phishing defense available.

Why should you choose Graphus? Because you’ll get cutting-edge protection from cybercrime at an excellent price. Using AI-powered, automated email security with an award-winning solution is a smart move for businesses of every size.

  • You’ll gain a powerful guardian that protects your business from some of today’s nastiest threats like spear phishing, business email compromise, ransomware and other horrors that will fit perfectly into your IT budget.
  • Plus, automated security is up to 40% more effective at spotting and stopping malicious messages like phishing email than a SEG or conventional security. 
  • Get detailed, actionable threat intelligence with the Graphus Threat Intelligence add-on, featuring detailed reports on the malicious or compromised IP and email addresses, URLs, and attachment hashes used in cyberattacks that target your users.
  • Click here to watch a video demo of Graphus now.

Don’t wait until cybercriminals are dangling tempting lures in front of your employees to take action and provide your business with best-in-class email security. Let us show you how the triple-layered protection that your business gets from Graphus is exactly what you need to keep your organization safe from phishing. 

Addressing the dangers of phishing is a smart way for businesses to reduce their risk of a damaging data breach. One of the best ways to do that is to prevent the inevitable mistakes that employees will make by keeping them out of the picture with Graphus. Schedule a demo today=> 

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus