intelligent

African business users had a lower baseline PPP than many other regions , meaning they were less likely to fall for phishing attacks before any training . However , their improvement after 90 days of training was also lower than other regions . After a year of on-going training , African users achieved a 79.8 % improvement in their PPP , showing the effectiveness of consistent security awareness education .

Africa ’ s human firewall

This is among the key findings of KnowBe4 ’ s 2023 Phishing by Industry Benchmarking Report for Africa , which measures organisations ’ Phish-prone Percentage ( PPP ) – an indication of how many of their employees are likely to fall for phishing or a social engineering scam .

The report is based on data from over 12.5 million users across 35,681 organisations in 19 different industries . The results of over 32.1 million simulated phishing security tests are also included . This year ’ s report details international phishing benchmarks from North America , The United Kingdom , Ireland , Europe , Africa , South America , Asia , Australia and New Zealand .

In Africa , 412 organisations from South Africa , Kenya , Nigeria and Botswana participated in the phishing simulation tests , with a total of 337,937 emails sent . The majority of these organisations ( 58 %) were small ( 1-249 employees ), followed by medium ( 26 %, 250-999 employees ) and large ( 16 %, 1,000 + employees ) ones .

The resulting baseline PPP measured the percentage of employees in organisations that had not conducted any KnowBe4 security training and clicked a simulated phishing email link or opened an infected attachment during testing .

The report shows that without security training , 33.2 % of employees across all regions and industries are likely to fall for phishing attacks or fraudulent requests . Africa ’ s average was 32.8 %, slightly better than the global average and much better than South America , where the average was 41.1 %. Asia had the lowest rate of phishing – 30 %.

Training slashes risk

Ninety days after training , Africa ’ s PPP average was 20.5 % compared to the global average of 18.5 %. After a year of consistent training , Africa ’ s PPP was 6.6 %, compared to a global average of 5.4 %, indicating that new habits become normal , fostering an improved security culture .

At baseline , Africa ’ s medium-sized enterprises had the lowest PPP – at 29.4 %, followed by small enterprises at 30 % and large enterprises with a surprisingly high 33.3 %. After training , large enterprises performed best , with a PPP average of 19 % 90 days after training and 5.7 % after a year . Medium-sized enterprises improved to 22.7 % 90 days after training and 10.5 % after a year . Small enterprises ’ PPP improved to 25.2 % after 90 days and 9 % after a year .

The report also revealed which industries are most vulnerable to cyberthreats and have the highest PPP . Across small and medium organisations globally , the healthcare and pharmaceuticals industries had the highest PPP of 32.3 % and 35.8 %, respectively . In large organisations , the insurance industry remained the most at risk for a second consecutive year with a PPP of 53.2 % globally . �