Application security

Construction industry staffers most vulnerable to phishing scams, report


A new study on a worker’s susceptibility to being successfully phished found those working in the construction industry the most likely to fall for an attack, however, with the proper training this weakness can be almost entirely weeded out.

KnowBe4’s Phishing by Industry 2019 report looked at 19 industries breaking them down into three categories, small, up to 250 workers; medium, 250-999; and large, 1,000 and more. Those in the construction industry placed first in falling for attacks in small and medium-sized businesses and second place in large corporations where the hospitality industry took first place. Retail/wholesale and insurance rounded out the small business category, while insurance and manufacturing did so for medium-sized businesses.

An organizations phish-prone percentage (PPP) indicates how many of their employees are
likely to fall for a social engineering or phishing scam.

Overall, 2019 was not a good year with the overall PPP rising 2.6 percent to 29.6 percent

However, once training began the percent of a company’s workers likely to fall for a phishing scam dropped dramatically.

In the construction category after 90 days of combined computer-based training and simulated phishing security testing the PPP numbers fell to 16.8 percent, small; 19.7 percent, medium; and 15 percent for large companies. After 12 months of such training the PPP fell further to 1.8 percent, 3.1 percent and 7.9 percent, KnowBe4 reported.

“It’s interesting (and maybe scary) to see that no organization does well without training. Industries such as energy and utilities were over 30 percent and so were technology vendors and other technology-based companies. Not-for-profit organizations also ranked over 30 percent and insurance and manufacturing organizations exceeded 35 percent. Even smaller organizations in industries that typically require more regulatory oversight and requirements fared badly,” the report said.

KnowBe4 said the study analyzed a data set that included nearly nine million users across 18,000 organizations with over 20 million simulated phishing security tests across nineteen different industries.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.