AbleToTrain by Willing & Able

Social engineering stats to keep in mind in 2022

Some interesting numbers to start with:

Cybercriminals use social engineering in 98% of attacks.

There are 75 times as many phishing websites as malware websites.

With 241,342 successful incidents, phishing was the most common cybercrime in 2020 in the US.

A ransomware attack succeeds every 11 seconds.

In 2019, the cost per compromised record was $150 on average.

The US government allocated nearly $19 billion for cybersecurity in 2021.

What Is Social Engineering?

Basically, it's convincing a person to perform a specific action.

Cybercriminals who use social engineering lure you into sharing your private information, opening infected files, or giving them access to restricted data.

Let's look at some of the latest social engineering statistics.

1. Cyber attacks employ social engineering 98% of the time. (Source: Purplesec)

In other words, many employees can't detect social engineering threats and unknowingly open the doors for cybercriminals to steal money, access data, and tarnish your reputation.

There are also some (21%, counting both current and former employees) who may deliberately use social engineering hacks to get back at you.

2. Over 70% of all data breaches are due to social engineering. (Source: GlobalSign)

It's easier to fool people than to infiltrate a secure computer system, so it's no wonder that about 70% to 90% of all data breaches are due to phishing and social engineering attacks.

Cybercriminals can target any individual or organization, though statistics show that healthcare institutions, government agencies, and universities are the preferred targets for social engineering scams because of the information they store.

3. There are more than a million phishing websites. (Source: IDAGENT)

As of Jan 17, 2021, the search engine powerhouse Google had recorded 2,145,013 phishing websites.

What happens is that hackers continuously feed the Dark Web with the data they steal, which then serves as fuel for further cyberattacks.

In 2020 alone, hackers added about 22 million new records to the Dark Web.

4. 96% of phishing attacks use email. (Source: Tessian)

Although the number of phishing websites is staggering, the latest social engineering stats show that only 3% of phishing attacks are carried out through a website, and 1% by phone (either vishing or smishing).

A phishing email tricks people into taking action immediately. It usually cites an emergency to get you to reveal sensitive information.

The most common words cybercriminals use in emails are: urgent, request, important, payment, and attention.

5. About 43% of phishing attackers impersonate Microsoft. (Source: Spamtitan)

Social engineering emails usually impersonate a well-known organization to increase the chances of you opening them.

Microsoft is the preferred fake identity for attackers to adopt, since about 1.2 billion people use the Office package.

DHL comes in second place, with 18% of cybercriminals using the brand name.

Other frequently impersonated brands are PayPal, LinkedIn, Google, and Chase.

6. The most common attachments in phishing emails are Windows executables. (Source: ESET Threat Report)

According to phishing statistics, there is a 74% chance that the attachment is a Windows executable, "usually disguised as a PDF, Excel, or Word file." Attackers also use script files (11%) and compressed files (4%), but they favor executables because these run the moment the recipient opens them.

7. 18% of phishing victims have lost money. (Source: Tessian)

How dangerous is social engineering?

It’s pretty dangerous. Money doesn’t seem to be the main motivation for cybercriminals; information is. After a successful phishing attack, 60% of enterprises report data loss, 52% report credential breaches, and 29% complain of malware infections that ultimately damage the entire enterprise computer network.

Social Engineering Statistics

Companies spend millions of dollars protecting themselves and their customers from data breaches, but efforts seem to be wasted unless employees are also trained.

Social engineering is a very serious problem because it takes advantage of people’s natural tendency to trust others and tempts them to reveal sensitive information.

8. The average organization is exposed to 700 social engineering threats annually. (Source: ZDNet)

How many companies are targeted by spear phishing attacks every day?

We know that in one year, attackers sent 12 million spear phishing emails to three million mailboxes, affecting 17,000 organizations.

That means 46.5 companies receive an average of two spear phishing emails each day.

9. Only 27% of companies provide social engineering awareness training. (Source: GetApp)

Businesses around the world spend millions on security technologies, but they don't take the time to educate employees on social engineering and data breaches.

According to the latest statistics, about 43% of employees do not receive regular data security training, and an amazing 8% have never received it.

10. Forty-five percent of millennials do not know what phishing is. (Source: Proofpoint)

Social engineering statistics by age show that older employees are more familiar with the topic.

65% of employees over the age of 39 can correctly define phishing, compared to just 47% of those between the ages of 18 and 22.

However, in the case of voice phishing, the opposite is true. While 34% of employees in the 18-22 age group know what it is, only 20% of employees over the age of 55 know the term.

11. In 2020, 43% of IT workers were victims of social engineering attacks. (Source: ZDNet)

However, the most common target is neither the CEO nor the IT people.

Non-financial or managerial employees receive 80% of the threats.

12. Approximately 30% of employees fail the phishing test. (Source: KnowBe4)

Phish-Prone Percentage (PPP) varies by industry, but the global average PPP can be estimated to be 31.4%.

By company size, the most vulnerable sectors are small healthcare centers and pharmaceuticals (34% PPP), medium hospitality facilities (42.3% PPP), and large energy organizations (52.4% PPP). Cybersecurity and social engineering awareness campaigns have reduced the percentage from 30% to about 5%.

13. 60% of US employees click on emails, even if they think they are suspicious. (Source: Graphus)

According to a recent survey, 78% of participants were recently trained in social engineering threats, while 60% were willing to open suspicious emails.

According to social engineering statistics, 45% did not report the problem to IT after clicking.

14. Distraction caused 47% of employees to fall for phishing scams during the pandemic. (Source: LinkedIn)

COVID-19 has also affected companies’ ability to combat cybersecurity threats. According to a recent survey, 56% of IT departments report increased response times to cyber attacks.

In addition, 42% of organizations say they are not ready to defend against cyberattacks targeting remote workers.

Social Engineering Message

Over the years, many companies in different industries have been unfortunate targets of data breaches. Some examples are the 2017 Equifax breach (affecting nearly 150 million consumers), the 2020 Marriott breach (affecting 5.2 million guests), and the 2020 Twitter breach (affecting 130 accounts).

Now let’s look at some global statistics.

15. Mongolia had the highest rate of phishing attacks in 2020. (Source: Statista)

According to country-specific social engineering statistics, Mongolia was the most affected country, with 15.54% of online users hit by phishing attacks in the third quarter of 2020.

Israel came in second with 15.24%, followed by France (12.58%) and Brazil (11.86%).

16. Phishing emails have affected over 1 million companies in the UK. (Source: INFOTECH)

The email attack affected 1.3 million companies in the UK and cost nearly £7 billion.

SMEs find it particularly difficult to defend against these attacks, as most (73%) lack IT security measures.

17. Phishing was the most common cybercrime. (Source: Vade Secure)

The latest phishing statistics reveal that the FBI registered a 50 percent increase in attacks compared to the previous year.

For example, cybercriminals pretended to be government agents who needed your personal information to sign you up for financial support or early vaccination.

18. More than $15,000 is lost every minute due to phishing. (Source: Varonis)

The latest social engineering stats reveal that around $17,700 is lost every minute due to phishing. That equates to $1,062,000 million per hour and $25,488,000 million per day.

19. Social engineering attacks cost an organization an average of $130,000. (Source: Security Info Watch)

This is just the money and data that the average company loses. However, there are additional related costs that the company must bear, such as recovery fees and security updates.

Now consider how common cyber attacks are (once every 39 seconds according to Internet privacy statistics). It’s no wonder experts predict that the global annual cost of cybercrime will reach an astronomical $10.5 trillion by 2025.