KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released its 2024 Phishing by Industry Benchmarking Report.
The report measures an organisation’s Phish-prone Percentage (PPP), indicating how many employees are susceptible to phishing or social engineering attacks.
This year’s report reveals that untrained employees in Africa have a higher PPP at 36.7% compared to the global average of 34.3%. This suggests that employees in African countries are more likely to fall for phishing attempts. The increase from the previous year’s figures highlights the significant linguistic, cultural, and economic diversity across the continent and the substantial cybersecurity challenges faced by African countries.
KnowBe4’s analysis covered 54 million simulated phishing tests involving nearly 12 million users across 55,675 organisations in 19 different industries. The study established a baseline PPP, indicating the click rates on phishing tests by employees who had not received KnowBe4 security awareness training.
While PPP rates varied significantly across different sectors and countries within Africa, the report demonstrates the effectiveness of combining simulated phishing tests with security awareness training. African organisations that consistently implemented training and testing saw a marked reduction in their average PPP to 22% within the first 90 days, and further down to 5.9% after one year of continuous efforts.
These figures remain slightly higher than the global average, which fell to 18.9% after 90 days and 4.6% after one year of consistent training and testing. This indicates that, at least theoretically, employees in African countries are more prone to cyber threats, underscoring the importance of focusing on mitigating human risks to bolster cybersecurity.
Transforming cybersecurity culture
Despite the challenges faced by African countries and their organisations, the significant decrease in PPP over three and twelve months shows notable progress. This improvement demonstrates that changing cybersecurity culture involves breaking old habits and adopting more secure practices. As employees internalise these new behaviours, they become ingrained, evolving into standard practices that shape organisational culture and create a workforce that naturally prioritises security.
"Cybersecurity challenges in Africa require a combination of regulation, guidelines and security awareness training. Particular focus is needed on threats like deepfakes used for political manipulation, especially ahead of major elections in various African countries," remarked Anna Collard, senior vice-president content strategy & evangelist Africa at KnowBe4. "More public-private partnerships are essential to build capacity, address the skills shortage, and improve resilience in the digital world. Investing in Africa’s youth and providing cybersecurity training opportunities can fill the skills gap and also address youth unemployment."