Phishing and Cyber Behavior Trends 2024

Get actionable insights from 1.6 million user clicks on over 15 million phishing simulations, and even more real attacks.

This report includes previously unreported metrics on dwell time and real threat detection, helping paint a clearer picture of evolving trends in the phishing landscape and its effect on human cyber behavior.

Key Takeaways

‍Security training, dwell time, and real threat detection performance

This report makes the first quantifiable connection between security training behavior and the real phishing outcomes of 1.6 million users.

• Threat reporting rates rose by 9X after one year of training in both the training and real-world contexts.
• Median dwell time improved by around 33% in both the training and real real-world contexts.

How do you stack up against the global baseline for security awareness, behavior, and culture programs?

‍

Performance by region, phishing theme, industry, and job role

• Regional performance: The United States’ rate of successfully recognizing and reporting a phishing attack is significantly lower than high-performing European countries like Finland, Germany, and Switzerland.
• Industry performance: Financial Services is the highest performing sector, while Healthcare is particularly challenged.
• Job role performance: Communications has a 40% poorer phishing simulation failure rate than top-performing Finance.
• Phishing theme performance: Spoofed inter-org communications, like HR or IT notifications, are the most-clicked phishing simulations at 7.4% failure rate, followed by invoice scams.

Unlock the full report to see the full set of performance benchmarks along with expert insights.