Contributed by Hoxhunt

Email-originated cyber attacks account for roughly 90% of all data breaches, which in total exacted a $6 trillion toll on the global economy in 2021 at a clip of over $14 million-and-climbing per company per successful phishing attack, according to reports by the Ponemon Institute and Cybersecurity Ventures. Collectively, those little clicks would add up to the GDP of the third largest nation in the world behind the US and China. Understanding employee behavior in relation to cybersecurity as well as effective behavior change methodology is a critical step towards protecting individuals and organizations from phishing attacks and data breaches.

This inaugural Behavioral Cybersecurity Report by Hoxhunt analyzed email data of 1.6 million Hoxhunt participants and their 24.7 million simulations. This analysis indicates that user email behavior can vary significantly depending on their industry, type of job, and geographical location. More importantly, user behavior, skill and progress over time indicates robust improvement. Global phishing simulation failure rates and missed simulations clearly decline, while rates of skill acquisition, threat reporting, and phishing simulation success increase. Employees and their mailboxes constitute the greatest cybersecurity risk factor for enterprises and other organizations. 2021 saw record-setting venture capital and PE activity in cybersecurity. But investment into security awareness solutions lagged behind technical solutions, as has effective innovation in security awareness models. Traditionally, improving employee cybersecurity awareness has been seen as Email-originated cyber attacks account for roughly 90% of all data breaches, which in total exacted a $6 trillion toll on the global economy in 2021 at a clip of over $14 million and climbing per company per successful phishing attack, according to reports by the Ponemon Institute and Cybersecurity Ventures. Collectively, those little clicks would add up to the GDP of the third largest nation in the world behind the US and China. Understanding employee behavior in relation to cybersecurity as well as effective behavior change methodology is a critical step towards protecting individuals and organizations from phishing attacks and data breaches.

A lost cause in terms of actually reducing risk. Awareness has thus been relegated to a compliance-based approach, which is more check-a-box than actual risk reduction. But with next-gen training solutions, which combine advanced technology with a people-centric approach, a truly riskbased approach can and will offer high ROI in terms of risk reduction. The results section of this report will show how a global sample of 1.6 million Hoxhunt users performed with millions of highly realistic phishing simulations of varying difficulty over time. Users are segmented by their geography, industry, and job role. Their behavior is segmented by their failure, success, and missed email rates. There are many intriguing findings that bear further inquiry as we seek to understand why users behave the way they do with emails. But, more importantly: so what?

Read Hoxhunt’s full report here

About Hoxhunt

Hoxhunt is a human risk management platform that goes beyond security awareness to drive behavior change and measurably lower risk. We combine AI and behavioral science to create individualized micro-training experiences people love. Employees learn to detect and report advanced phishing attacks. Operations teams respond fast with limited resources. And security leaders gain outcome-driven metrics to document reduced cybersecurity risk.

Hoxhunt works with leading global companies such as Airbus, IGT, DocuSign, Nokia, AES, Avanade, and Kärcher and partners with leading global cybersecurity companies such as Microsoft and Deloitte.

To learn more, visit https://www.hoxhunt.com/