Exploring Phishing Statistics

Published on November 10, 2015

 At Agari, we are vocal about the steps organizations can take to protect their brands and customers from the impact of phishing attacks. But what exactly are the hard numbers behind our mission?

Let’s look at some phishing statistics showing a clear need for change when it comes to mitigating the phishing problem.

A rising threat

Verizon research has found that phishing is now the second most common cyber threat vector, implicated in a quarter of all data breaches last year.

Phishing continues to grow at a higher rate than malware – according to Google’s Safe Browsing service, the amount of malware websites dropped 18.8% (from 18,454 to 14,977) between 2014 and 2015, while the amount of phishing sites increased by 35% (from 24,864 to 33,571) during the same period.

A waste of resources      

Phishing costs large companies on average $3.7 million a year, a Ponemon study has revealed.

A recent Black Hat survey also found that dealing with phishing and other forms of social engineering is one of the top three things occupying the most time during an infosec employee’s average day, alongside vulnerabilities created by in-house development teams and vulnerabilities in off-the-shelf applications or systems.

An endless stream

According to ESET, people receive 12 spam emails a day – this adds up to 4000 spam emails per person, per year!

An infographic produced by IT Governance indicates that, every day, 156 million phishing emails are sent and 15.6 million make it through spam filters.

A weak spot

IT Governance also reports that once the emails have made it past filters, 8 million are opened, 800,000 recipients click on the links, and 80,000 of them unwittingly hand over their information to criminals.

A Google-led research paper also found that almost half (45%) of the visitors to a phishing web page completed the form and submitted their personal data.

SANS Institute also found that 95% of all attacks on enterprise networks gained access via a spear phishing attack.

The numbers speak for themselves – these are just some of the phishing statistics that demonstrate the scale and severity of the phishing crisis.