Latest Study in Cybersecurity Awareness and End User Behaviors


By: Michael Kouskoutis

Cybersecurity awareness company Proofpoint recently published its fourth-annual Beyond the Phish report, which analyzes end-user behavior and employee knowledge on cybersecurity.  Gathering from over 130 million data points across 14 categories, 16 industries and over 20 departments, this report is regarded as among the most useful cybersecurity studies published each year.
Notable findings include:

  • Participants incorrectly answered about 1 in 4 questions regarding identification of phishing threats.
  • Participants showed poor awareness surrounding risky communication channels (like connecting to public WiFi networks), and struggled to identify distinctions between public and private data.
  • Participants treat mobile devices differently, often taking greater risks than with stationary computers.
  • In comparison with prior reports, users have a greater understanding of ransomware and are becoming better at recognizing malicious pop-ups.
  • End users are also increasingly using physical security practices, such as locking devices before leaving them unattended.
  • End users in the finance industry performed the best, while those in education and transportation were the worst performing users across all industries.
  • End users in hospitality performed the worst in the “Physical Security Risks” category.
  • Workers in the insurance industry performed particularly well in the “Avoiding Ransomware Attacks” category.
  • Communications was the best performing department among all industries, while customer service, facilities and security departments performed the worst.
  • 83% of global organizations experienced phishing attacks in 2018.

The study also reported a significant increase in safe behaviors in organizations that offer continuous training across all cyber topics.  With human error being the leading cause of cybersecurity breaches, businesses should make cyber awareness a core component of employee training and offer continual training programs that are up-to-date with the latest threats to cybersecurity.  For more information with cyber data security or breach response, contact Michael Kouskoutis at