Stats & Trends
Jonathan Crowe
Jul 2016

Phishing by the Numbers: Must-Know Phishing Statistics 2016

Photo by Kim Carpenter

Phishing is now the #1 delivery vehicle for ransomware and other malware. See the numbers behind its rise.

While many of us tend to think of cyber criminals as mastermind hackers who perpetrate state-of-the-art attacks from behind the shadows of a hoodie, the truth is the majority are simple scam artists. They don't bother with coming up with sophisticated ways to break through complex security systems. Why bother going to all that trouble when you can simply trick an employee into giving up information or clicking a link?

To help you get a better sense of the danger phishing poses (and to help you explain the risk of phishing to your boss and your users), we've collected seven telling statistics.

Once you're done reading these, be sure to check out our latest eBook, The Phishing Field Guide: How to Keep Your Users Off the Hook. It's full of actionable advice you can use to improve your organization's security posture and keep your employees safe.

85 percent of organizations have suffered phishing attacks


Wombat 2016 State of the Phish

According to Wombat Security’s 2016 State of the Phish report, not only are more organizations falling victim to phishing attacks, the number and sophistication level of the attacks they’re experiencing has gone up. Two-thirds of the organizations they studied reported experiencing attacks that were targeted and personalized (spear phishing attacks), up 22 percent from the year before. (Wombat Security)

30 percent of phishing emails get opened


Verizon 2016 DBIR

The sad thing is most marketers would kill for that open rate. The sadder thing is it explains why phishing continues to be so popular among attackers. It's a delivery tactic that works. Help your users avoid becoming phishing victims with these five tips. (Verizon 2016 DBIR)

#1 delivery vehicle for malware is email attachments


Verizon 2016 DBIR

Considering the success rate of phishing, perhaps it's no surprise malicious email attachments and links are two of the top three malware delivery mechanisms of choice for attackers. That makes email filtering and user education both smart security investments. (Verizon 2016 DBIR)

250 percent surge in phishing detected in Q1 2016


APWG Phishing Activity Trends Report

While it’s common to see a brief spike in phishing incidents around the holidays, researchers at the Anti-Phishing Working Group (APWG) were surprised to see this year’s spike grow into a sustained surge. The group observed more phishing attacks in Q1 2016 than in any other three-month span since it began tracking data in 2004. (SC Magazine)

9 out of 10 phishing emails carried ransomware in March


PhishMe Q1 2016 Malware Review

Anti-phishing vendor PhishMe reported a dramatic increase in the number of phishing emails deploying ransomware payloads over the course of Q1 2016. During March, 93% of the phishing emails they collected intended to infect victims with ransomware. (PhishMe)

$1.6 million: the average cost of a spear phishing attack



Not only is spear phishing increasingly common, attacks are also proving to be incredibly costly. According to a recent Cloudmark survey, companies hit by a successful spear phishing attack in the past 12 months suffered an average financial cost of $1.6 million. (Cloudmark)

1 in 3 companies have been victims of CEO fraud emails



Over a third of the respondents to a recent survey by AlienVault reported their executives have fallen victim to a CEO fraud email, and over 80 percent believed their executives could fall for targeted phishing scams in the future. Those concerns are well-founded. More than 50 organizations, including Snapchat and, were successfully targeted by CEO fraud emails asking for W-2 information this past tax season alone. (AlienVault)

Learn more how to keep your employees safe from phishing.

Sometimes the best way to stop phishers is to learn how to think like one. Download our Phishing Field Guide: How to Keep Your Users Off the Hook to find out who in your organization is most at-risk for getting phished and what you can do to stop them from taking the bait.

Jonathan Crowe

Jonathan Crowe

Jonathan covers the latest threats and cybersecurity trends from a practical perspective.


Phishing Emails: A Field Guide

How to recognize, stop, and avoid phishing attacks.

Get my guide


Stay informed!

Get the latest security news, tips, and trends straight to your inbox.

Stay informed!

Get the latest security news, tips, and trends stright to your inbox.