VendorsKnowBe4
KnowBe4
Cybersecurity reports and statistics published by KnowBe4
8 categories10 reports
Research Reports
Reports and publications from KnowBe4
From Agentic Risk to Human Win: Building a Culture of Security in the Era of Agentic AI
5/20/2026
Phishing Trends Threat Report
4/30/2026
Australia's Cybersecurity Paradox: Strong Defences, Weak Habits
3/10/2026
The State of Human Risk 2025
12/10/2025
KnowBe4 Uncovers Surged Abuse of Legitimate Platforms by Cybercriminals in 2025
10/29/2025
Navigating Cyber Threats Infosecurity Europe 2025 Findings
8/26/2025
Financial Sector Threats Report
8/21/2025
Q2 2025 KnowBe4 Simulated Phishing Roundup Report
7/17/2025
State and Local Cybersecurity: Facing New Burdens Amid Rising Threats
5/27/2025
2025 Phishing By Industry Benchmarking Report
5/13/2025
Recent Statistics & Reports
The global average baseline PPP before training was 33.1%. This means approximately one-third of employees interact with phishing simulations before undergoing best-practice security awareness training.
5/13/2025•
Phishing
Organizations with 10,000+ employees showed a global baseline PPP of 40.5%.
5/13/2025•
Phishing
Globally, the top three most at-risk industries with the highest baseline PPP were Healthcare & Pharmaceuticals (41.9%), Insurance (39.2%), and Retail & Wholesale (36.5%).
5/13/2025•
Phishing
From 2024 to 2025, the general trend of around one-third of employees clicking on a simulated phishing link before training remained fairly consistent.
5/13/2025•
Phishing
After implementing phishing training, the global PPP fell by 40% in just three months.
5/13/2025•
Phishing
49.7% of clicked phishing simulations mentioned HR.
4/28/2025•
EmailPhishingImpersonation
Over 60% of top-clicked phishing emails were related to HR and IT.
4/28/2025•
EmailPhishingImpersonation
People were more likely to click on links related to internal topics or impersonating known brands, accounting for 61.6% of clicks.
4/28/2025•
EmailPhishingImpersonation
In attachment-based campaigns, people were most likely to open certain file types: PDFs (53%), HTML files (28.5%), Word files (18.5%).
4/28/2025•
EmailPhishingImpersonation
The top three QR codes scanned in simulations related to: A new drug and alcohol policy from HR (14.7%), A DocuSign for review and signing (13.7%), A Workday happy birthday message (12.7%).
4/28/2025•
EmailPhishingImpersonation
68.6% of clicked links involved domain spoofing.
4/28/2025•
EmailPhishingImpersonation
60.7% of the phishing simulations that were clicked mentioned an internal team.
4/28/2025•
EmailPhishingImpersonation
Internal communications are a significant driver of phishing failures. Emails impersonating internal teams, particularly HR and IT, received the most failures in phishing simulations.
4/28/2025•
EmailPhishingHR
In attachment-based campaigns, people were most likely to open certain file types: PDFs (53%), HTML files (28.5%), Word files (18.5%).
4/28/2025•
EmailPhishingImpersonation
Successful reported cyberattacks on UK utility companies surged by 586% from 2022 to 2023.
4/23/2025•
Cyber attackUtilityUK
The average number of cyberattacks against the energy and utilities sector more than doubled between 2020 and 2022.
4/23/2025•
Cyber attackEnergy and utilities
The energy sector reported three times more operational technology (OT)/industrial control system (ICS) cyber incidents than any other industry in 2023.
4/23/2025•
Cyber attackEnergy
Phishing was behind 34% of attacks reported in the energy sector.
4/23/2025•
Cyber attackEnergyPhishing
Security awareness training has significantly reduced phishing susceptibility in large energy organisations, dropping from 47.8% to 4% in one year.
4/23/2025•
EnergyPhishingSecurity awareness training
94% of energy firms are pushing to adopt AI-driven cybersecurity due to revenue losses and disruptions caused by ransomware and phishing.
4/23/2025•
AIEnergyRansomware
Showing 81-100 of 195 results