2021 Gone Phishing Tournament™ reveals high phishing simulation click and system compromise rates
by CM Staff
Nearly one in every five end users (19.8%) who received the phishing simulation email clicked on the initial message's phishing link.
LAVAL — The new edition of the Terranova Security Phishing Benchmark Global Report, drawing on results from the 2021 Gone Phishing Tournament(TM), reveals that overall end user click rates remained high in the face of this year’s phishing simulation. It also details the rise in the number of users who would’ve compromised their devices with malware had the phishing simulation not been a safe testing environment.
The 2021 Phishing Benchmark Global Report results emphasize the growing need for all organizations to address the human element of cyber security by implementing engaging, informative security awareness training programs that leverage real-world phishing simulations to change the right end user behaviors.
These revelations come at the end of a year where digital transformation accelerated at many workplaces worldwide. The widespread adoption of remote or hybrid work cultures and related technologies enhanced collaboration and productivity, but it also meant cyber security awareness levels were tested much more frequently and with increasingly complex cyber threats.
“The third edition of the report is a powerful reminder to organizations everywhere that deploying real-world phishing simulations as an educational tool is more crucial than ever,” said author and Terranova Security CEO Lise Lapointe. “By testing end user knowledge with simulated attacks similar to threats they may encounter in their everyday activities, organizations can more easily change user behaviors and keep their sensitive information safe.”
The 2021 Gone Phishing Tournament took place over two weeks in October 2021 to coincide with Cybersecurity Awareness Month. In all, close to 1 million phishing simulation emails in 20 different languages were sent to end users during this stretch.
2021 Phishing Benchmark Global Report: Key Results
The 2021 Gone Phishing Tournament revealed that, in general, a significant portion of end users are still inclined to click on phishing email links and, in the case of this year’s simulation template, download malicious file attachments when prompted.
Nearly one in every five end users (19.8%) who received the phishing simulation email clicked on the initial message’s phishing link, which is on par with the 2020 edition of the event. In total, 14.4% of all end users failed to recognize the simulation’s resulting webpage as unsafe and clicked on the malicious file’s download link.
These realities mean that the number of initial clickers who ended up downloading the phishing simulation’s webpage file exceeded 70%, representing an increase of nearly three percentage points from the previous year.
