Construction industry staffers most vulnerable to phishing scams, report

News by Doug Olenick

With the proper training, this weakness can be almost entirely weeded out

A new study of workers’ susceptibility to phishing found that those in the construction industry are the most likely to fall for an attack. With the proper training, however, this weakness can be almost entirely weeded out.

KnowBe4’s Phishing by Industry 2019 report looked at 19 industries, breaking them down into three size categories: small, up to 250 workers; medium, 250-999; and large, 1,000 and more. Those in the construction industry placed first in falling for attacks in small and medium-sized businesses, and second in large corporations, where the hospitality industry took first place. Retail/wholesale and insurance rounded out the small business category, while insurance and manufacturing did so for medium-sized businesses.


An organisation's phish-prone percentage (PPP) indicates how many of its employees are likely to fall for a social engineering or phishing scam.

Overall, 2019 was not a good year, with the overall PPP rising 2.6 percent to 29.6 percent.

However, once training began, the percentage of a company’s workers likely to fall for a phishing scam dropped dramatically.

In the construction category, after 90 days of combined computer-based training and simulated phishing security testing, the PPP numbers fell to 16.8 percent for small, 19.7 percent for medium and 15 percent for large companies. After 12 months of such training, the PPP fell further to 1.8 percent, 3.1 percent and 7.9 percent respectively, KnowBe4 reported.

"It’s interesting (and maybe scary) to see that no organisation does well without training. Industries such as energy and utilities were over 30 percent and so were technology vendors and other technology-based companies. Not-for-profit organisations also ranked over 30 percent and insurance and manufacturing organisations exceeded 35 percent. Even smaller organisations in industries that typically require more regulatory oversight and requirements fared badly," the report said.

KnowBe4 said the study analysed a data set that included nearly nine million users across 18,000 organisations with over 20 million simulated phishing security tests across nineteen different industries.

This article was originally published on SC Media US.
