Find Out With The 2019 Gone Phishing Tournament™ Report
All it takes is one convincing email for an organization to fall victim to a phishing attack. People are busy and are simply trying to get to inbox zero. To make matters worse, most people do not even know what a phishing email looks like.
This is exactly why security and risk management leaders need to know their corporate click rate. Click rate benchmarking gives you real data about your cyber threat risk level.
To help organizations understand their internal security risk level, we host the Gone Phishing Tournament™. This annual tournament is designed to make it easy for organizations to learn how their click rate compares to that of similar organizations.
The biggest lesson from our 2019 Gone Phishing Tournament™ reinforced our core belief at Terranova Security – that organizations need to use a combination of security awareness training and phishing simulation to prevent phishing attacks and lower their click rate.
The Gone Phishing Tournament™ revealed that even in organizations with security awareness training programs in place, people are still clicking and responding:
- 11% of recipients clicked the phishing link
- 2% of recipients submitted their credentials on the phishing website
Security awareness training alone does not work. Phishing simulations alone do not work. Organizations that are serious about preventing cyberattacks need to use both training and simulations to prevent people from automatically clicking and responding to emails.
What is the Gone Phishing Tournament™?
The annual Gone Phishing Tournament™ allows participating organizations to honestly answer “How does my click rate stack up?”
Organizations cannot answer this question without knowing how their corporate click rate compares to organizations with similar characteristics. To give organizations real facts on their true click rate, we used the same template and same testing period.
This sets us apart from the other click rate benchmarking reports available online. We believe that organizations need to compare like to like to understand what their click rate really means.
Too many organizations are trying to forcibly compare their click rate levels to inconsistent random online data that uses different phishing templates, templates with varying levels of difficulty, and inconsistent testing periods.
The facts on the 2019 Gone Phishing Tournament™:
- Held over five days in October 2019
- 76 countries represented
- Phishing template localized to 27 languages
- 15 time zones
Organizations from a range of industries participated in the Gone Phishing Tournament™ including construction, education, healthcare, finance and technology, public sector, non-profit, and manufacturing.
To accurately measure and evaluate employee phishing knowledge, we used two scenarios based on real phishing attack techniques.
Malicious Link Attack:
Used language that convinced email recipients to click a generic link that encouraged them to submit their credentials.
Credential Collection with Web Form Attack:
When users clicked the link in the email, they were directed to a website requesting their email address and password.
Stay tuned for the 2020 Gone Phishing Tournament™ coming this spring. Get the information you need to honestly answer “How does my click rate stack up?”
Download the 2019 Phishing Benchmark Global Report to learn more about the lessons revealed in the 2019 Gone Phishing Tournament™.
Top Lessons Learned from the 2019 Gone Phishing Tournament™
Your people are your first line of defense against phishing threats and risks.
The top lessons from the 2019 Gone Phishing Tournament™ reinforced how critical your employees are in keeping your organization safe and secure.
In organizations with security awareness programs in place, 11% of users still clicked the phishing link.
In organizations with security awareness programs in place, 29% of the users who clicked the link submitted their credentials.
In organizations with both security awareness and phishing simulations, the credential submission rate is 47% lower.
No two industries are the same and organizations should not compare their click rate data to that of an organization in another industry.
Smaller organizations are at greater risk of a phishing attack. However, this does not mean that large organizations are immune to phishing threats.
People are much more likely to respond to phishing emails sent in their native language. Participants in North and South America submitted their credentials at a higher rate than participants in other regions.
Web Browsers and Operating Systems Matter
46% of participants who clicked the link used Google Chrome. 48% of participants who submitted their passwords used Internet Explorer.
Security Awareness Training and Phishing Simulations Matter
Together phishing simulations and security awareness training drive secure behaviors.
Download the 2019 Phishing Benchmark Global Report to learn more about the lessons revealed by the 2019 Gone Phishing Tournament™.
Why Security Awareness Must Be A Priority
Security awareness must be a priority for every organization of every size in every industry. Cybercriminals know no boundaries and do not care who they steal from.
The onus is on organizations to act. Security and risk management leaders must be proactive against cyber threat risks. Hoping that an employee does not click a phishing email does not work.
The facts and data tell us that when security awareness training and phishing simulations are used together, employee knowledge and awareness go up – and risk goes down.
We recommend that organizations take advantage of all opportunities to collect information about their employee awareness, click rate, and industry standards.
How does your click rate stack up?
Take steps today to protect your organization:
- Stay tuned for the 2020 Gone Phishing Tournament™ coming this spring
- Sign up for a free phishing simulation
Terranova Security is committed to increasing cyber security awareness. As a recognized global leader in security awareness, we are the partner of choice. Contact us today to learn more about your click rate and phishing threat risk.
Actionable Click Rate Benchmarking for Security Awareness Leaders
Register now to get your complimentary copy of the 2019 Gone Phishing Tournament™ Benchmark Global Report.