2024 State of the Phish Report Key Findings

This document is a reference for country-level statistics and key findings from Proofpoint’s 2024 State of the Phish report. It outlines the global findings, including the prevalence of risky actions taken by employees, with 71% admitting to such behaviors despite being aware of the risks. The report details the disconnect between IT teams and employees regarding security responsibilities, with 85% of security professionals believing employees are aware of their responsibilities, while 59% of employees are uncertain. Additionally, it discusses the false sense of security provided by multi-factor authentication (MFA), with over one million attacks launched monthly using the MFA-bypass framework EvilProxy. The report highlights the increase in business email compromise (BEC) attacks, aided by AI, and the persistence of cyber extortion, noting that 69% of organizations experienced ransomware infections. It also mentions the rise of telephone-oriented attack delivery (TOAD) and the lack of adequate user education on recognizing such threats.