2019 Beyond the Phish report

A strong cybersecurity posture has many facets. The same is true when it comes to users’ cybersecurity knowledge. Having the skills to identify and avoid lures in email phishing attacks is critical. But so is understanding how one’s own behavior, even beyond the inbox, can affect security. This insight matters on both a personal level and for the organization as a whole.

That’s the inspiration behind our fourth annual Beyond the Phish® report. In our deepest and most wide-ranging report yet, we explore user knowledge of a broad range of best practices for cyber hygiene, security and compliance. The report analyzes millions of responses gathered from our Security Education Platform. These include answers to CyberStrength® Knowledge Assessments and quiz questions within our interactive training courses.

This year’s report includes:

• Data from nearly 130 million questions answered by our customers’ end users. The analysis spans
  responses gathered between January 1, 2018, and February 28, 2019.
• Users’ understanding of 14 cybersecurity topics.
• Two new categories: users’ understanding of unintentional and malicious insider threats and a view of executives’ cybersecurity knowledge.
• Results across all users compared to the results of a selection of our Managed Services customers.
  It shows how adherence to security awareness training best practices influences success.
• Knowledge comparisons across 16 industries and common business departments.