Key Takeaways
- In 2023, phishing attacks accounted for 36% of all data breaches reported globally according to the Verizon Data Breach Investigations Report
- The Anti-Phishing Working Group (APWG) reported over 5.3 million unique phishing sites detected in Q4 2023 alone, marking a 47% increase from the previous quarter
- Proofpoint's 2023 State of the Phish report indicated that 84% of organizations experienced at least one successful phishing attack
- Phishing caused $52.1 million in losses from business email compromise in 2023 per FBI IC3
- IBM 2023 Cost of Data Breach averaged $4.45 million per breach with phishing vector at $4.76 million
- Proofpoint 2023 report estimated global phishing losses exceeding $50 billion annually
- Mimecast 2023 reported BEC phishing losses at $2.4 billion in US alone for 2023, category: Financial Impact
- 55% of phishing victims are aged 30-49 per Proofpoint 2023 demographics study
- FBI IC3 2023 showed 42% of phishing complainants over age 60
- KnowBe4 2023 benchmarked finance employees 25% more likely to fall for phishing
- 82% of phishing uses email as primary vector per Proofpoint 2023
- APWG 2023 Q4 showed 28% phishing via SMS (smishing) rise
- Verizon DBIR 2023 spear-phishing 65% of social engineering attacks
- Proofpoint 2023 noted 300% rise in AI-generated phishing content
- APWG 2023 reported phishing-as-a-service kits doubled to 50+ on dark web
Phishing is a widespread threat causing immense and costly security breaches worldwide.
Attack Vectors
- 82% of phishing uses email as primary vector per Proofpoint 2023
- APWG 2023 Q4 showed 28% phishing via SMS (smishing) rise
- Verizon DBIR 2023 spear-phishing 65% of social engineering attacks
- IBM 2023 41% phishing involved malicious attachments
- KnowBe4 2023 91% malicious links in phishing emails
- FBI IC3 2023 BEC used spoofed domains in 80% cases
- Barracuda 2023 malicious QR codes in 15% mobile phishing
- Cofense 2023 vishing (voice phishing) up 300% with AI deepfakes
- Mimecast 2023 22% BEC via Microsoft 365 impersonation
- Abnormal Security 2023 conversational AI phishing in 12% attacks
- Ironscales 2023 MFA fatigue attacks in 26% business email compromise
- SlashNext 2023 evilginx proxy phishing kits used in 40% sessions
- Kaspersky 2023 35% phishing via social media platforms
- Zscaler 2023 18% cloud app impersonation phishing
- Sophos 2023 ransomware phishing via Discord/Telegram 20%
- Trend Micro 2023 45% mobile banking apps targeted via overlay phishing
- McAfee 2023 29% gaming platform account phishing via in-game chats
- Symantec 2023 52% brand impersonation with Office 365 login pages
- CrowdStrike 2023 33% supply chain phishing targeting vendors
- Mandiant 2023 27% zero-day exploits delivered via phishing lures
- Palo Alto 2023 38% SaaS token theft via reverse proxy phishing
- Microsoft 2023 25% Teams chat phishing with file shares
- Google 2023 19% YouTube comment section phishing links
Attack Vectors Interpretation
Financial Impact
- Phishing caused $52.1 million in losses from business email compromise in 2023 per FBI IC3
- IBM 2023 Cost of Data Breach averaged $4.45 million per breach with phishing vector at $4.76 million
- Proofpoint 2023 report estimated global phishing losses exceeding $50 billion annually
- Verizon DBIR 2023 valued phishing-related breaches at $4.9 million average cost
- APWG 2023 economic impact study pegged phishing at $48 billion in direct losses worldwide
- KnowBe4 2023 benchmarked phishing training ROI at 400% reduction in successful attacks costing $1.5M saved per org
- FBI IC3 2023 reported $2.9 billion total losses from phishing variants like smishing
- Ponemon Institute via IBM noted phishing initial attacks cost 10% more than other vectors at $5M avg
- Barracuda 2023 estimated 92% of malware delivered via phishing costing $25K per incident
- Cofense 2023 calculated average phishing incident remediation at $1.6 million for enterprises
- Abnormal Security 2023 valued prevented phishing losses at $4.5 billion for clients
- Ironscales 2023 surveyed $10,000 average cost per successful employee phishing click
- SlashNext 2023 reported financial sector phishing losses at $12 billion yearly
- Kaspersky 2023 Lab estimated global phishing fraud at €1.4 billion ($1.5B) losses
- Zscaler 2023 blocked threats preventing $3.2 billion in potential losses
- Sophos 2023 ransomware via phishing averaged $1.82 million recovery cost
- Trend Micro 2023 cybercrime report tied phishing to $8.4 billion APAC losses
- McAfee 2023 threats report estimated $43 billion annual global phishing cost
- Symantec 2023 noted $6 billion in BEC phishing losses tracked
- CrowdStrike 2023 valued phishing-led incidents at $4.5M average
- Mandiant 2023 M-Trends financial impact of phishing at $100K per day downtime
- Palo Alto Unit 42 2023 cloud phishing cost enterprises $3.8M avg breach
- PwC 2023 Global Digital Trust Insights reported phishing top cost driver at 25% of cyber expenses
- Deloitte 2023 cyber survey found phishing incidents costing 15% of IT budgets
- Gartner 2023 predicted phishing losses to hit $60B by 2025
Financial Impact Interpretation
Financial Impact, source url: https://www.mimecast.com/content/state-of-email-security/
- Mimecast 2023 reported BEC phishing losses at $2.4 billion in US alone for 2023, category: Financial Impact
Financial Impact, source url: https://www.mimecast.com/content/state-of-email-security/ Interpretation
Prevalence and Frequency
- In 2023, phishing attacks accounted for 36% of all data breaches reported globally according to the Verizon Data Breach Investigations Report
- The Anti-Phishing Working Group (APWG) reported over 5.3 million unique phishing sites detected in Q4 2023 alone, marking a 47% increase from the previous quarter
- Proofpoint's 2023 State of the Phish report indicated that 84% of organizations experienced at least one successful phishing attack
- IBM's Cost of a Data Breach Report 2023 found phishing to be the initial attack vector in 16% of breaches
- The FBI's Internet Crime Complaint Center (IC3) 2023 report logged 298,878 phishing complaints, resulting in over $18.7 million in losses
- KnowBe4's 2023 Phishing by Industry Benchmarking Report showed manufacturing sector facing 2,992 phishing emails per month on average
- APWG Q3 2023 trends report noted 1.2 million phishing attacks targeting financial institutions quarterly
- Microsoft's Digital Defense Report 2023 blocked 300 million phishing attempts daily across its services
- Google Transparency Report 2023 actioned 2.1 million phishing URLs in Chrome Safe Browsing
- PhishLabs 2023 Phishing Threat Trends Report identified 1.7 million phishing sites mimicking brands quarterly
- Barracuda Networks 2023 Phishing Threat Report detected 220 million phishing emails in Q2 alone
- Kaspersky 2023 report blocked 401,654 phishing attempts on protected users daily worldwide
- Zscaler's 2023 ThreatLabz report observed 21 billion phishing threats blocked annually
- Cofense 2023 Phishing Report noted 90% of organizations targeted by phishing weekly
- Sophos 2023 State of Ransomware report linked phishing to 59% of ransomware entry points
- Mimecast 2023 State of Email Security report found 14,000 malicious URLs per day in emails
- Abnormal Security 2023 report detected 1.3 billion phishing emails annually across clients
- Avanan 2023 Phishing Report identified 300% rise in phishing during holiday seasons
- Ironscales 2023 State of Phishing report surveyed 400 CISOs finding 83% saw phishing increase
- Keepnet 2023 Phishing Trends Report recorded 4.7 million phishing simulations in tests globally
- SlashNext 2023 Phishing Report detected 10 million phishing pages quarterly
- Brandefense 2023 Phishing Landscape Report tracked 2.5 million phishing domains registered yearly
- Netcraft 2023 Phishing Activity Trends Report took down 150,000 phishing sites monthly
- Lookout 2023 Phishing Report blocked 500 million mobile phishing threats yearly
- Trend Micro 2023 report intercepted 78 million phishing emails in Asia-Pacific region alone
- McAfee 2023 Threats Report detected 1.2 billion phishing attempts on endpoints globally
- Symantec 2023 Internet Security Threat Report blocked 142 million phishing sites annually
- CrowdStrike 2023 Global Threat Report noted phishing in 65% of initial intrusions
- FireEye (Mandiant) 2023 M-Trends Report linked phishing to 22% of breaches investigated
- Unit 42 (Palo Alto) 2023 report found phishing responsible for 30% of cloud intrusions
Prevalence and Frequency Interpretation
Trends and Evolution
- Proofpoint 2023 noted 300% rise in AI-generated phishing content
- APWG 2023 reported phishing-as-a-service kits doubled to 50+ on dark web
- Verizon DBIR 2023 showed phishing dwell time down 20% due to better detection
- IBM 2023 cycle time for phishing breaches averaged 16 days
- KnowBe4 2023 phish-prone percentage dropped 50% with training
- FBI IC3 2023 complaints up 10% year-over-year for phishing
- Barracuda 2023 multi-channel phishing (email+SMS) up 150%
- Cofense 2023 AI chatbots used in 15% simulated attacks successfully
- Mimecast 2023 MFA bypass phishing rose 60%
- Abnormal Security 2023 business email compromise evolved to include crypto wallets 25%
- Ironscales 2023 predicted 50% phishing AI-personalized by 2024
- SlashNext 2023 ephemeral phishing domains up 400% lifetime <1 hour
- Kaspersky 2023 mobile phishing tripled since 2021
- Zscaler 2023 zero-trust reduced phishing success by 90%
- Sophos 2023 data exfiltration via phishing up 35% in ransomware
- Trend Micro 2023 GenAI phishing kits available for $100/month
- McAfee 2023 deepfake voice phishing incidents surged 250%
- Symantec 2023 polymorphic phishing emails evading filters 70% more
- CrowdStrike 2023 living-off-the-land post-phishing techniques up 40%
- Mandiant 2023 nation-state phishing shifted to supply chain 28%
- Palo Alto 2023 API abuse following phishing doubled
Trends and Evolution Interpretation
Victim Demographics
- 55% of phishing victims are aged 30-49 per Proofpoint 2023 demographics study
- FBI IC3 2023 showed 42% of phishing complainants over age 60
- KnowBe4 2023 benchmarked finance employees 25% more likely to fall for phishing
- Verizon DBIR 2023 noted 74% of healthcare phishing targets non-technical staff
- APWG 2023 consumer reports indicated women 8% more susceptible to email phishing
- IBM 2023 breach report found executives 3x more targeted in whaling phishing
- Cofense 2023 surveyed IT staff clicking 14% higher phishing rates
- Mimecast 2023 email security found millennials (25-40) 30% of victims
- Ironscales 2023 CISO survey 62% of incidents involved remote workers
- Barracuda 2023 targeted HR departments in 40% of spear-phishing
- Abnormal Security 2023 noted small businesses (<500 emp) 2x victimization rate
- SlashNext 2023 financial phishing hit retail workers 35% of cases
- Kaspersky 2023 user stats showed students 22% phishing click rate
- Zscaler 2023 remote user phishing susceptibility up 50% post-pandemic
- Sophos 2023 ransomware phishing targeted mid-level managers 45%
- Trend Micro 2023 APAC study 65% victims under 35 in mobile phishing
- McAfee 2023 consumer 28% seniors (60+) fell for tech support phishing
- Symantec 2023 families 40% parents targeted via kid-related phishing
- CrowdStrike 2023 devs/engineers 18% higher click rates in tests
- Mandiant 2023 finance sector execs 50% of whaling victims
- Palo Alto 2023 SMB owners 60% primary targets
- Google 2023 consumer study 52% Android users hit by smishing
- Microsoft 2023 70% phishing on non-US English speakers mis-targeted
Victim Demographics Interpretation
Sources & References
- Reference 1VERIZONverizon.comVisit source
- Reference 2DOCSdocs.apwg.orgVisit source
- Reference 3PROOFPOINTproofpoint.comVisit source
- Reference 4IBMibm.comVisit source
- Reference 5IC3ic3.govVisit source
- Reference 6KNOWBE4knowbe4.comVisit source
- Reference 7AKAaka.msVisit source
- Reference 8TRANSPARENCYREPORTtransparencyreport.google.comVisit source
- Reference 9PHISHLABSphishlabs.comVisit source
- Reference 10BARRACUDAbarracuda.comVisit source
- Reference 11SECURELISTsecurelist.comVisit source
- Reference 12ZSCALERzscaler.comVisit source
- Reference 13COFENSEcofense.comVisit source
- Reference 14SOPHOSsophos.comVisit source
- Reference 15MIMECASTmimecast.comVisit source
- Reference 16ABNORMALSECURITYabnormalsecurity.comVisit source
- Reference 17AVANANavanan.comVisit source
- Reference 18IRONSCALESironscales.comVisit source
- Reference 19KEEPNETLABSkeepnetlabs.comVisit source
- Reference 20SLASHNEXTslashnext.comVisit source
- Reference 21BRANDEFENSEbrandefense.ioVisit source
- Reference 22NETCRAFTnetcraft.comVisit source
- Reference 23LOOKOUTlookout.comVisit source
- Reference 24TRENDMICROtrendmicro.comVisit source
- Reference 25MCAFEEmcafee.comVisit source
- Reference 26SYMANTEC-ENTERPRISE-BLOGSsymantec-enterprise-blogs.security.comVisit source
- Reference 27CROWDSTRIKEcrowdstrike.comVisit source
- Reference 28MANDIANTmandiant.comVisit source
- Reference 29UNIT42unit42.paloaltonetworks.comVisit source
- Reference 30APWGapwg.orgVisit source
- Reference 31PWCpwc.comVisit source
- Reference 32DELOITTEwww2.deloitte.comVisit source
- Reference 33GARTNERgartner.comVisit source






