Employees Still Struggle to Identify Phishing Threats and Properly Protect Their Data, Report Finds

Respondents, who answered 22 percent of questions incorrectly, struggled most with assessments about mobile device encryption and protections for personally identifiable information.

The security industry relies on well-maintained, constantly updating systems to protect its customers from cybersecurity threats. But the security of those systems is often only as good as the ability of humans to identify cyberattacks as they’re happening.

Many employees are vulnerable to security threats due to their lack of knowledge on several cybersecurity issues, according to the results of Proofpoint’s annual Beyond the Phish report. The report analyzed over 130 million responses to cybersecurity questions in order to explore the knowledge of end-users ⁠—otherwise known as normal workers who use their employers’ email and Internet services.

Overall, users answered 22 percent of questions incorrectly. That’s an increase of 4 percent from the last report in 2018, but Proofpoint said its assessment has gotten tougher and more expansive since then.

Respondents had the most trouble with identifying phishing threats, knowing how to protect data throughout its lifecycle, complying with cybersecurity directives like the General Data Protection Regulation (GDPR) and protecting mobile devices and the data stored on them. Users showed the most comfort with avoiding ransomware attacks, answering nearly 90 percent of questions about the topic correctly.

Perhaps due to training sessions and a greater public awareness of malicious threats targeting corporations, the users surveyed by Proofpoint performed best on questions related to identifying potentially risky communication channels, recognizing cyber threats such as ransomware and malicious pop-up windows, and locking their computer before leaving their desk.

But the users had trouble with questions regarding mobile device encryption, protections for personally identifiable information and actions they can take following a potential physical security breach.

“Cyber criminals continue to focus on people, structuring attacks to take advantage of users who are unaware and unprepared,” the report reads. “Not all security incidents are solely the result of an attack; many arise from poor user security practices and a general lack of awareness.”

Professionals in the education and transportation industries had the poorest performance on the assessment, answering questions incorrectly about 24 percent of the time. Users in the finance industry performed best with about 20 percent incorrect answers.

The report also featured statistics on the difference in performance between users as a whole and users who received ongoing security awareness training. The company, which provides such training, found that users performed better on tough questions related to mobile devices and regulation compliance when they received quarterly training.

“Education answers the ‘why’ for users,” the report reads. “It helps them make the connection between awareness and action … Regular security awareness training is the best way to build users’ knowledge.”

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Security Today Announces The Govies Government Security Award Winners for 2025

    Security Today is pleased to announce the 2025 winners in The Govies Government Security Awards. The awards honor outstanding government security products in a variety of categories. Read Now

  • Survey: 60 Percent of Organizations Using AI in IT Infrastructure

    Netwrix, a cybersecurity provider focused on data and identity threats, today announced the release of its annual global 2025 Cybersecurity Trends Report based on a global survey of 2,150 IT and security professionals from 121 countries. It reveals that 60% of organizations are already using artificial intelligence (AI) in their IT infrastructure and 30% are considering implementing AI. Read Now

  • New Research Reveals Global Video Surveillance Industry Perspectives on AI

    Axis Communications, the global industry leader in video surveillance, has released its latest research report, ‘The State of AI in Video Surveillance,’ which explores global industry perspectives on the use of AI in the security industry and beyond. The report reveals current attitudes on AI technologies thanks to in-depth interviews with AI experts from Axis’ global network and a comprehensive survey of more than 5,800 respondents, including distributors, channel partners, and end customers across 68 countries. The resulting insights cover AI integration and the opportunities and challenges that exist with regard to security, safety, business intelligence, and operational efficiency. Read Now

  • SIA Urges Tariff Relief for Security Industry Products

    Today, the Security Industry Association has sent a letter to U.S. Trade Representative Jamieson Greer and U.S. Secretary of Commerce Howard Lutnick requesting relief from tariffs for security industry products and asking that the Trump administration formulate a process that allows companies to apply for product-specific exemptions. The security industry is an important segment of the U.S. economy, contributing over $430 billion in total economic impact and supporting over 2.1 million jobs. Read Now

  • Report Shows Cybercriminals Continue Pivot to Stealthier Tactics

    IBM recently released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. Read Now

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance.

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.