Phishing Attack Statistics: Market Report & Data

Our Newsletter

The Business Week In Data

Sign up for our newsletter and become the navigator of tomorrow's trends. Equip your strategy with unparalleled insights!

Table of Contents

Welcome to our profound analysis of Phishing Attack Statistics. In our technologically advanced world, phishing attacks have unfortunately become an emerging trend. It’s a serious threat that affects both individuals and corporations, crippling their security measures and resulting in significant financial losses. This blog post will delve into the latest statistics on phishing attacks, offering insights on their increased prevalence, the industries most targeted, and the alarming economic implications thereof. We aim to equip you with a comprehensive understanding of this silent menace, and with this knowledge, empower you to fortify your protective measures.

The Latest Phishing Attack Statistics Unveiled

1 in every 4,200 emails is a phishing attempt.

The enigmatic statistic that speaks of a phishing attack lurking in every 4,200 emails sends a chilling warning to us about the nebulous threat in the digital cosmos. By illustrating the significant magnitude of each attack’s prevalence, it emphasizes the imperative need for comprehensive cybersecurity measures. Coupled with the omnipresence of email as a primary communications mode, the number exhorts us towards more vigilant email behaviors and stringent security measures. The extent of these phishing attempts woven into our daily communications punctuates the vital information that our Blog Post on Phishing Attack Statistics aims to deliver, thus reminding everyone of the lurking danger inside our inboxes.

32% of data breaches involve phishing activity.

Diving right into the cyber world’s murkier depths, one cannot skirt around a striking figure – a whopping 32% of data breaches stem from phishing activity. This chilling statistic, tucked comfortably in the shadows of our blog post about Phishing Attack Statistics, serves as a harbinger, illuminating the colossal scale and widespread reach of phishing attacks. In essence, it starkly highlights the pressing reality of the digital age – the ever-looming threat of data breaches hinging on an innocuous click. Let this number resonate, alerting everyone universally to the potentially treacherous digital waters our data sails through daily, underlining the urgency for an informed, cautious approach towards our interactions online.

About $17,700 is lost every minute due to phishing attacks.

A staggering $17,700 disappearing every minute due to phishing attacks paints a chilling picture of the online threat landscape. Serving as a stark reminder, it forces us to comprehend not just the vast scale of these cybercrimes, but also the rapid speed at which they are occurring. In a blog post delving into phishing attack statistics, such a dramatic figure serves to underscore the gravity of the situation, emphasizing the urgency to enhance preventative measures against this rising tide of digital fraud.

65% of attackers use spear phishing as the primary infection vector.

Highlighting the statistic that “65% of attackers use spear phishing as their primary infection vector” underscores the critical threat spear phishing presents in today’s digital landscape. In the vast ocean of phishing attacks, this statistic reveals a dominant and alarming tactic, thus setting an immediate tone of caution against such methods. It serves as a formidable herald of the sophisticated, personalized means attackers are willing and able to deploy, focusing the reader’s attention on the significance of understanding, recognizing, and countering spear phishing attacks in their respective cyber environments.

More than 90% of successful hacks and data breaches stem from phishing email campaigns.

Highlighting the alarming statistic that over 90% of successful hacks and data breaches originate from phishing email campaigns underscores the pervasive threat these deceptive practices pose in our digitized society. In a blog post examining the trajectory of phishing attack statistics, this statistic serves as an existential reminder, illumining the chilling reality that phishing constitutes the lion’s share of cybercriminal activities. It amplifies the need for robust cyber security defenses, education, and practices for individuals and organizations alike, anchoring the discussion on the imperative issue of cyber safety in an era defined by interconnected digital landscapes.

A Verizon investigation found that users open 30% of phishing emails, with 12% of them clicking on the malicious link or attachment.

Painting a vivid picture of the looming digital threats, these striking figures from a Verizon investigation serve as a stark warning to internet users. Highlighting that nearly a third of phishing emails fool the recipient into opening them, the data suggests a considerable vulnerability in current cybersecurity practices. Even more concerning, almost half of those potentially compromised users proceed to click on the manipulated links or attachments, thereby potentially triggering detrimental cyber attacks. These statistics underscore the urgency and importance of robust cybersecurity measures, thereby enhancing the depth and context of phishing attack statistics in our blog post.

59% of phishing attacks that successfully steal data are conducted via email.

Swimming in the digital ocean of today’s information age, we encounter a dark undertow in the form of phishing attacks. A startling determining factor, amounting to 59%, of these surreptitious data thefts is conducted via a tool most of us use every day: email. When crafting a narrative about Phishing Attack Statistics, one simply cannot overlook this key ingredient. The fact that such a significant share of successful phishing attacks are perpetrated through emails underlines the inherent vulnerability of this common communication platform, creating a pressing argument for reinforced security measures and user education. This high percentage paints a vivid picture of the battle ground, emphasizing the immediate imperative for users to stay on high alert with their inbox.

About 76% of businesses reported being a victim of a phishing attack in 2020.

Highlighting the startling fact that approximately 76% of businesses fell prey to phishing attacks in 2020 serves as a stern wake-up call in a post focused on phishing attack statistics. It underscores the pervasive and escalating threat that phishing attacks present to businesses globally. This figure not only establishes the magnitude of the issue, but can also provoke businesses to reflect on their cyber defense strategies, stimulate decision-makers to emphasize cybersecurity reforms, and affirm the dire need for continuous staff training in phishing awareness.

Nearly 1.5 million new phishing sites are created each month.

Unmasking the grim reality of the virtual world, the astonishing revelation that nearly 1.5 million new phishing sites spring into existence every month, underscores the escalating magnitude of cyber threats that internet users confront daily. Within the sphere of Phishing Attack Statistics, this alarming figure steers our attention not only towards the sheer volume of potential attacks but also the ruthlessness and ingenuity of cyber criminals. It sketches a chilling vision of the digital battlefield where relentless diligence and advanced cybersecurity measures are central to preventing these stealthy, pernicious assaults on our data privacy.

Spear phishing accounts for 95% of enterprise network attacks.

Diving into the sinister depths of Phishing Attack Statistics, we uncover a striking spectacle—a monstrous leviathan labelled ‘Spear Phishing.’ Accounting for a savage 95% of enterprise network attacks, it single-handedly dominates the cyber ocean, proving to be an existential threat to data privacy and digital security. The figure astoundingly reveals the magnitude of this refined form of phishing, where targeted attacks hijack corporate networks, setting a sharp focus on the importance of fortifying one’s digital walls and enhancing cybersecurity protocols within enterprises.

85% of organizations suffered from phishing and social engineering attacks in 2020.

As we dive into the chilling realm of Phishing Attack Statistics, the deeply unsettling figure of 85% of organizations victimized by phishing and social engineering attacks in 2020 immediately jolts us into the tainted reality of cybersecurity. Serving as a stark reminder, this statistic vividly illustrates the rampant vulnerabilities within our digital fortresses, amplifying the importance of stringent cybersecurity measures. In a world increasingly dictated by technology, this statistic underscores that nearly every organization, regardless of size or nature, isn’t merely susceptible but highly likely to be targeted by cybercriminals leveraging these deceitful tactics. Thus, reinforcing the urgence of an evolving defense strategy in the unceasing battle against these nefarious digital threats.

1.4 million phishing websites are created every month, according to a Webroot Threat Report.

The staggering figure of 1.4 million new phishing sites cropping up each month, as highlighted in the Webroot Threat Report, paints a vivid picture of the exponential threat lurking in the digital realm. In a world that’s becoming digitally intertwined, these numbers validate the escalating frequency and sophistication of phishing attacks. They underline the urgency for constant vigilance, proactive detection methods, and robust security measures to ensure a safe cyberspace. These statistics serve as an awakening call, underpinning the need to understand and stay ahead of such deceptive techniques in the context of a blog post about Phishing Attack Statistics.

70% of global organizations reported an increase in phishing attacks in 2020.

Illustrating the intensifying threat in the digital sphere, a staggering 70% of global organizations observed an escalation in phishing attacks in 2020. In a blog post dedicated to phishing attack statistics, this figure serves as a stark reminder of this growing menace. It signals a trend of increasing criminal cyber activity, thus reinforcing the urgency and importance of implementing fortifying security measures. Not only does it make for engaging reading, but it also underlines the severity of the risk involved and echoes the relevance of the topic being discussed.

Mobile users are 18x more likely to be exposed to a phishing attempt than malware.

Highlighted within a blog post about Phishing Attack Statistics, this arresting statistic has a crucial impact for all digital device users. An 18-fold greater risk to mobile users of encountering a phishing attempt compared to malware underpins the urgency and growing threat of phishing attacks. This emphasizes the paramount importance of cybersecurity measures to protect vulnerable mobile devices, and suggests that phishing, not malware, should be our primary online safety concern. The statistic offers not only heightened awareness of the breadth of the phishing epidemic but also triggers a call-to-action to bolster our defenses against these surreptitious cyber attacks.

Phishing represents 90% of all digital attacks on businesses.

Undeniably, the above statistic paints a lurid picture of the contemporary digital threat landscape where Phishing sits ominously at the epicenter. Accounting for 90% of all digital attacks on businesses, it highlights the colossal significance of Phishing in the ever-evolving cyber threat environment. The revelation is a call to action for organizations, underscoring an urgent need for comprehensive cybersecurity measures, robust employee education, and preventative strategies. This grim reality, if addressed judiciously in our blog post about Phishing Attack Statistics, accentuates the relevance and urgency of steadfast defense mechanisms against such pernicious attacks.

The average financial cost of a data breach is $3.86 million, a significant portion of which is caused by phishing.

Hovering at a staggering $3.86 million, the average financial fallout from a data breach comes predominantly from phishing attacks, underscoring the financial blow these scams can inflict on businesses. This eye-opening figure emphasizes the high stakes in the game of cybersecurity, reframing the conversation around phishing attacks from mere inconveniences to potential financial catastrophes. Thus, findings like this act as a wake-up call for businesses, provoking a reevaluation of current security measures and spotlighting the financial underbelly exposed by phishing threats. So, in the context of an article on Phishing Attack Statistics, this statistic makes it clear that these aren’t small-time cyber tricks but rather serious threats wielding the power to undermine the financial stability of even the most security-conscious organizations.

Nearly 30% of phishing messages were opened by targeted users during 2016.

Highlighting that nearly 30% of phishing messages were opened by targeted users in 2016 underscores both the subtle artistry of phishing emails and the needed vigilance of users. The figure casts a spotlight on the percentage of users duped into opening these malicious missives, indirectly emphasizing the alarming effectiveness and scope of these cyber threats. In a world where digital literacy is paramount, this statistic serves as a stark reminder, exhorting users to scrutinize their digital communication meticulously to avoid becoming a fraction of next year’s statistic.

In 2020, phishing scams were responsible for a loss of over $54 million.

Unwrapping the hefty $54 million loss that phishing scams accounted for in 2020 exposes the seriousness of this digital attack’s harsh reality, especially within the frame of Phishing Attack Statistics. It underscores the necessity for proactive cybersecurity measures among individuals and businesses given the aggressive, predatory nature of these online scams. The astronomic financial drain reveals cybercriminals’ adeptness at masquerading as legitimate entities to dupe unsuspecting victims, reinforcing the urgency of developing advanced strategies to outsmart these malicious activities, a key point within the blog’s context. This figure also hints at the scale of people affected and potentially serves as a menacing forecast of what’s looming if countermeasures aren’t amped up.


To summarize, phishing attack statistics reveal a significant and rising threat in the digital world. With an increased dependency on digital platforms, businesses and individuals have become more susceptible to these cybercrimes. From accessing confidential data to causing monetary losses, the consequences are severe and far-reaching. Therefore, it’s essential for everyone to stay informed about these attacks and implement robust cybersecurity measures to mitigate the risk and impact of phishing attacks.


0. –

1. –

2. –

3. –

4. –

5. –

6. –

7. –

8. –

9. –

10. –


What is a phishing attack?

A phishing attack is a type of cyber-attack where the attacker pretends to be a reputable entity or person in email or other communication channels. The attacker's goal is to steal sensitive data like credit card numbers and login information. It's often used to gain a foothold in corporate or governmental networks as a part of a larger attack, like an Advanced Persistent Threat (APT) infiltration.

How does a phishing attack typically occur?

Phishing attacks typically occur via email. The attacker sends an email that appears to be from a legitimate organization, usually designed to look like a request for information or help. The email may include a link that directs the user to a fake website where they are prompted to provide personal information. The site will be designed to look trustworthy, often mimicking a real website.

What are the common types of phishing?

There are several common types of phishing attacks. These include spear phishing, where specific individuals are targeted; clone phishing, where a legitimate email is cloned with a malicious replacement; and Whaling, where high-profile individuals are targeted. Another type is the CEO fraud or Business Email Compromise attacks, where the attacker presents as the company CEO or any executive and sends an email to employees.

How can one recognize and avoid phishing attacks?

Some signs of a phishing attack can include misspelled URLs, poor grammar, requests for personal information, and unsolicited attachments. To avoid phishing attacks, never provide personal information or financial details through email, always verify the source of a message, and use secure and updated browsers.

What should one do if they fall victim to a phishing attack?

If you fall victim to a phishing attack, you should immediately change all your passwords, especially for any accounts that contain sensitive information. Contact financial institutions to report fraudulent activities, monitor your accounts for suspicious activities, and report the incident to local law enforcement or your country's cybercrime unit. Consider seeking guidance from IT professionals to secure your online presence.

How we write our statistic reports:

We have not conducted any studies ourselves. Our article provides a summary of all the statistics and studies available at the time of writing. We are solely presenting a summary, not expressing our own opinion. We have collected all statistics within our internal database. In some cases, we use Artificial Intelligence for formulating the statistics. The articles are updated regularly.

See our Editorial Process.

Table of Contents

... Before You Leave, Catch This! 🔥

Your next business insight is just a subscription away. Our newsletter The Week in Data delivers the freshest statistics and trends directly to you. Stay informed, stay ahead—subscribe now.

Sign up for our newsletter and become the navigator of tomorrow's trends. Equip your strategy with unparalleled insights!