The results of the inaugural Hoxhunt Behavioral Cybersecurity Report aren’t just encouraging. Some findings are mind-blowing. Others might be revolutionary. Our data, collected from 1.6 million participants and 24.7 million phishing simulations, shows: - An over-300% global drop in phishing simulation failure rates, from 14% to 4%, with the Hoxhunt phishing training, which corresponded with: - A nearly 70% rise in real threat reports - An over 60% improvement in the accuracy of reporting threats as phish rather than spam or email
People can change. Well, their behavior can change. But in cybersecurity, behavior is everything, right? Because right now, people’s behavior phishing emails is generally not ideal. Virtually every data breach begins with a phishing attack, and there are so many of those today that the cyber insurance industry collapsed in 2021.
But we have good news! According to the inaugural Hoxhunt Behavioral Cybersecurity Report, people can become so good at recognizing and reporting a phishing attack that they measurably lower their organization’s risk of a phishing breach. Sometimes by orders of magnitude. And we have the data to prove it.
Hoxhunt analyzed how 1.6 million people responded to 24.7 million phishing simulations. We categorized Hoxhunt training participants by Geography, Job Role, and Industry and examined how many phishing simulations they either reported, failed, or missed. We also looked at their real phishing reporting behavior. Guess what?
Real phishing reporting rates either improved or stagnated depending on users' phishing simulation performance.
We could see all of that because Hoxhunt phishing training is grounded in behavioral cybersecurity science, and built around a threat reporting plug-in.
The results aren’t just encouraging. Some are mind-blowing. Others might be revolutionary. Our data shows:
That’s good news, right? And right now, we could all use a little good news in cybersecurity. Because the numbers slithering out of the threat landscape are grim.
Email-originated cyber attacks account for over 90% of all data breaches, which in total exacted a $6 trillion toll on the global economy in 2021 at a clip of over $14 million-and-climbing per company per successful phishing attack, according to reports by the Ponemon Institute, Verizon, and Cybersecurity Ventures. Collectively, those little clicks would add up to the GDP of the third largest nation in the world behind the US and China.
Understanding why cybersecurity is really a behavioral science is a critical step towards defending against phishing attacks and data breaches.
When trained correctly, employees improve cybersecurity skills and report more real phishing threats. With the Hoxhunt phishing training:
The frequency with which people report phishing simulations is the best:
Missed simulations (those neither failed nor reported) are a dangerous "unknown" that can't be ignored.
Training programs must factor in who employees are and be able to individualize content to fit their strengths and weaknesses.
Cybersecurity performance varies significantly depending on: