New KnowBe4 Benchmarking Report Unveils Untrained Users Pose Greatest Risks to Organizations

New data reveals average Phish-proneTM percentage rising

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced that it has released a new Phishing by Industry Benchmarking Report to measure an organization’s average Phish-prone percentage, which indicates how many of their employees are likely to fall for a phishing or social engineering scam.

The initial baseline phishing test was administered to organizations that hadn’t conducted any security awareness training. The results indicated a high level of risk, with an average initial baseline Phish-prone percentage of 29.6 percent, up 2.6 percent from 2018, across all industries and sizes. Every organization regardless of size and vertical is susceptible to phishing and social engineering without computer-based training.2019-KnowBe4-Industry-Benchmark-Chart

“Often times, organizations overlook security awareness training and simulated social engineering testing because they’re focused on implementing security technology instead of building up their human layer of defense,” said Stu Sjouwerman, CEO, KnowBe4. “This report shows that employees are not getting the right amount of cybersecurity training to help properly protect their organizations, and we need to change that.”

After 90 days of computer-based training and simulated phishing testing, the average Phish-prone percentage was cut in half, as it went down from 30 percent to 15 percent. And after one year of testing and simulated phishing, it drops down to just two percent. Across all industries, there’s a 92 percent improvement rate from baseline testing to 12 months of training and testing.

To download a copy of the KnowBe4 Phishing by Industry Benchmarking Report, visit For more information on KnowBe4, visit


About KnowBe4

KnowBe4, the provider of the world’s largest integrated security awareness training and simulated phishing platform, is used by more than 26,000 organizations worldwide. Founded by data and IT security expert Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training. Kevin Mitnick, internationally recognized computer security expert and KnowBe4’s Chief Hacking Officer, helped design KnowBe4’s training based on his well-documented social engineering tactics. Tens of thousands of organizations worldwide trust KnowBe4 to mobilize their employees as their last line of defense.

Number 96 on the 2018 Inc. 500 list, #34 on 2018 Deloitte’s Technology Fast 500 and #2 in Cybersecurity Ventures Cybersecurity 500. KnowBe4 is headquartered in Tampa Bay, Florida with European offices in England, the Netherlands, Germany and offices in South Africa and Singapore.

Get the latest about social engineering

Subscribe to CyberheistNews