Top 5 Phishing Statistics 2024 | By The Numbers

In today’s digital age, phishing attacks continue to be one of the most prevalent cyber threats, causing significant financial and reputational damage to businesses and individuals alike.

By leveraging social engineering tactics involved in phishing, cybercriminals aim to deceive their targets into revealing sensitive information, such as login credentials and financial data, or downloading malicious software.

This article delves deeper into the top five phishing statistics to raise awareness about the evolving landscape of cyber threats and the importance of staying vigilant.

1. Phishing accounts for 90% of all data breaches

Cybercriminal engaging in phishing.

According to the Verizon Data Breach Investigations Report, a staggering 90% of data breaches can be attributed to phishing attacks.

Cybercriminals often use phishing emails as an entry point to infiltrate networks, gain access to sensitive data, and steal this information from organisations. This statistic emphasizes the importance of robust cybersecurity measures, including the implementation of threat detection and prevention technologies, as well as employee training to recognise and respond to phishing attacks.

In many cases, phishing attacks lead to the compromise of personal information, financial details, and confidential corporate data. The resulting data breaches can cause lasting damage to an organisation’s reputation, undermine customer trust, and result in hefty fines. This underscores the critical need for businesses to prioritise cybersecurity and develop a comprehensive strategy to mitigate the risk of phishing attacks.

2. One in every 3,300 emails is a phishing attempt

Research by Avanan, a cloud security platform, found that one in every 3,300 emails is a phishing attempt.

This highlights the sheer volume of phishing emails that inundate our email inboxes daily. With such a high frequency of phishing emails, it is crucial for individuals and organisations to develop strong email security practices, such as multi-factor authentication and SPF/DKIM, to protect against these threats.

Additionally, employee training and awareness programs play a vital role in helping individuals recognize and respond to phishing attacks. By educating employees on the telltale signs of phishing emails, such as generic greetings, unexpected attachments, and suspicious URLs, organisations can significantly reduce their vulnerability to phishing attempts.

3. COVID-19-related phishing attacks increased by 600% in 2020

The global pandemic provided a unique opportunity for cybercriminals to exploit fear and uncertainty. According to a report by Barracuda Networks, there was a 600% increase in COVID-19-related phishing attacks in 2020. These attacks often impersonated health organisations, government agencies, or financial institutions and preyed on individuals seeking information or assistance during the crisis.

This statistic underscores the adaptability of cyber criminals and the importance of staying vigilant during times of global upheaval. Organisations should be prepared to respond to emerging threats by regularly updating their security policies, monitoring for new attack vectors, and educating employees on the latest trends in phishing campaigns.

4. 65% of cybercriminals’ preferred attack vector is phishing

In a study by Cybereason, 65% of cybercriminals identified phishing as their preferred attack vector. The reason for this preference lies in the simplicity and effectiveness of phishing campaigns. By exploiting human psychology, phishing attacks can bypass advanced security systems and rely on the weakest link in the security chain: the human factor.

This statistic highlights the need for a combination of technical solutions and user education to address this pervasive threat.

Organisations may want to consider investing in advanced email filtering and threat detection technologies to minimise the number of phishing emails that reach employee inboxes. At the same time, firms must prioritise employee training to ensure that individuals can recognize and report potential phishing attempts.

5. Organizstions lose an average of $4.65M million per phishing attack

The financial impact of phishing attacks is substantial. According to a report by IBM, organizations lose an average of $4.65 million per phishing attack.

These losses can stem from the theft of sensitive data, the cost of remediation, reputational damage, and potential fines. This statistic demonstrates the significant financial risk phishing attacks pose to businesses and underscores the importance of investing in preventative measures and employee training.

The financial implications of a successful phishing attack go beyond the immediate losses associated with data breaches. Organisations may also face long-term consequences, such as lost customers, diminished brand reputation, and increased insurance premiums.

Furthermore, businesses that fail to comply with data protection regulations, such as the General Data Protection Regulation (GDPR) in the European Union, can be subject to substantial fines, adding to the overall cost of a phishing attack.


Phishing attacks remain a significant cyber threat, affecting businesses and individuals worldwide. By understanding the scale and impact of phishing, organisations can take the necessary steps to protect themselves from these increasingly sophisticated attacks.

Investing in robust cybersecurity measures, implementing employee training programs, and fostering a culture of security awareness are essential to mitigating the risk of phishing attacks and their potential consequences.

To stay ahead of the evolving phishing threat landscape, organisations should continuously assess their security posture, embrace emerging technologies, and regularly update their security policies. Furthermore, businesses should cultivate a security-conscious workforce by providing ongoing training and promoting a culture that encourages employees to report suspicious activity.

As cybercriminals continue to adapt their tactics and find new ways to exploit human vulnerabilities, it is crucial for individuals and organisations alike to remain vigilant and prioritize cybersecurity. By staying informed about the latest phishing statistics and trends, we can all contribute to a safer, more secure digital environment.

Leave a Comment