2022 State of the Phish

Last year, we titled our introduction “A Year Like No Other.” We could easily have repeated that heading to describe 2021. The year has left many organizations contemplating what “normal” will mean for their workforces going forward.

Along with hybrid and remote work options, organizations are mulling the best ways to keep employees connected and collaborative. Studies show the ongoing pandemic has had a major impact on workers’ mental health. Employees are feeling burned out, emotionally drained and distracted.1 Meanwhile, cyber attackers are as adept as ever. And they continue to use tactics and lures that resonate with employees and consumers alike.

In this, our eighth annual State of the Phish report, we explore user vulnerabilities from multiple angles. We look at issues driven by poor cyber hygiene and those that could result from a lack of knowledge and clear communication. We discuss ways organizations can become more attuned to their risks. And we outline opportunities to build and sustain engaging security awareness training initiatives in this challenging climate.

This year’s report includes analysis of data from the following sources:

• A commissioned survey of 3,500 working adults across seven countries (Australia, France, Germany, Japan, Spain, the United Kingdom and the United States)
• A commissioned survey of 600 information and IT security professionals across the same seven countries
• Almost 100 million simulated phishing attacks sent by our customers over a 12-month period
• More than 15 million emails reported by our customers’ end users over that same time period