Sun | Jan 28, 2018 | 7:30 AM PST

Wombat Security’s new State of the Phish™ Report—an annual research study that pulls data from multiple sources—has revealed a major increase in technical and business impacts from phishing attacks between 2016 and 2017. The study shows year-over-year increases of more than 80% in reports of malware infections, account compromise, and data loss related to phishing attacks.  
wombat phishing chart.png

Source: Wombat Security, 2018 State of the Phish Report

Wombat’s State of the Phish Report has become a trusted resource for infosec professionals who are seeking to better managed end-user risks related to social engineering attacks. This year’s report combines data and analysis from three key sources:

  1. Tens of millions of simulated phishing attacks sent through Wombat’s Security Education Platform over a 12-month period
  2. 10,000+ responses collected from quarterly surveys of Wombat’s database of infosec professionals (customers and non-customers) from more than 16 industries
  3. A third-party survey of more than 3,000 technology users (1,000+ adults each in the US, UK, and Germany)

Other items covered in the report include:

  • Business intelligence gathered from Wombat’s simulated phishing data, including average end-user click rates and variations by industry
  • Insights related to the real-world experience of infosec professionals, including the efforts organizations are taking to educate users and the use of consequence models for repeat offenders
  • Regional differences among organizations and end-users, including comparisons of awareness levels between US, UK, and German technology users
  • A look at the emerging smishing (SMS/text message phishing) threat and how end-user knowledge levels influence risk

The full 2018 State of the Phish Report is available on the Wombat Security website. For additional insights from industry experts, register for the January 31st SecureWorld web conference, State of the Phish Report 2018: What Your Peers Are Doing to Reduce Successful Phishing Attacks. You can join live or on-demand, and CPE credits are available.