全球網(wǎng)絡(luò)釣魚市場前景及投資研究報告-培訓課件外文版2024.5

DIGITAL

&

TRENDSPhishingCHAPTER

01OverviewofcybercrimeworldwideEstimatedcostofcybercrimeworldwide2017-2028(intrillionU.S.dollars)Annualcostofcybercrimeworldwide2017-20281613.82141210812.4311.3610.299.228.157.085.49642.9521.160.860.702017201820192020202120222023202420252026202720284Description:Theglobalindicator'EstimatedCostofCybercrime'inthecybersecuritymarketwasforecasttocontinuouslyincreasebetween2023and2028byintotal5.7trillionU.S.dollars(+69.94percent).Aftertheeleventhconsecutiveincreasingyear,theindicatorisestimatedtoreach13.82trillionU.S.dollarsandthereforeanewpeakin2028.Notably,theindicator'EstimatedCostofCybercrime'ofthecybersecuritymarketwascontinuouslyincreasingoverthepastyears.

ReadmoreNote(s):Worldwide;2017to2028Source(s):TechnologyMarketInsightsPercentageoforganizationsworldwidethatexperiencedcyberattacksfrom2021to2022,byattacktypeShareofglobalcompaniesexperiencingcyberattacks2021-2022,bytypeShareofrespondents2022

202140%0%10%20%30%50%60%70%80%90%100%85%86%BulkphishingSmishing76%75%76%Ransomware78%75%77%Businesse-mail-compromise(BEC)Socialmedia74%74%74%Spearphishing79%71%Vishing69%69%Supplychain68%66%Dataloss:externalDataloss:insiderUSBDrop65%64%5Description:A2022surveyofworkingadultsandITprofessionalsworldwiderevealedthatbulkphishingattackswerethemostcommoncyberincidentsexperiencedby85percentoforganizationsin2022.Spearphishingrankedsecond,withthreeinfourrespondentsstatinghavingencounteredsuchincidentsduringthesameyear.Overall,between2021and2022,therehasbeenadecreaseinthemostcommontypesofattacks.

ReadmoreNote(s):Worldwide;2021to2022Source(s):ProofpointPercentageofinternetusersinselectedcountrieswhohaveeverexperiencedanycybercrimein2022Cybercrimeencounterrateinselectedcountries2022Shareofrespondents30%

40%0%10%20%50%49%60%70%68%80%IndiaUnitedStatesAustralia40%39%38%GlobalNewZealandFrance33%33%UnitedKingdomGermany30%Japan21%6Description:In2022,aroundfourinteninternetusersworldwidehaveeverexperiencedcybercrime.BasedonasurveyconductedbetweenNovemberandDecember2022,internetusersinIndiaweremostlikelytohavefallenvictimtocybercrime,asnearly70percentofrespondentsclaimedtohaveeverexperiencedcybercrime.TheUnitedStatesrankedsecond,withalmosthalfoftherespondents,49percent,sayingtheyhadexperiencedinternetcrime.

ReadmoreNote(s):Worldwide;2022;12,025respondents;18yearsandolderSource(s):GenDigital;HarrisPoll;NortonLifeLockShareofadultsworldwidewhofellvictimtoascamin2022,byvectorScamencounterrateinselectedcountries2022,byvectorShare

ofrespondentsIclickedonanemaillinkthatIrealizedwasascamIclickedonaSMSlinkthatIrealizedwasascamIclickedonafakenewsarticlethatwasascamIclickedonascamlinkpostedonsocialmediaIclickedonafraudulentpackagenotificationlink15%12%10%10%9%Iconnectedwithsomeoneonsocialmediaandwastargetedwithascam/ransomattempt8%Iopenedalinkormessagethatwasacost-of-livingscamIdiscoveredanapponmyphonethatIdidnotdownload7%6%7Description:In2022,15percentofrespondentsinselectedcountriesworldwidewhofellvictimtoascamsaidtheyrealizedtheywerescammedafterclickingonane-maillink.Afurther12percentclaimedfollowingalinkreceivedviaSMS,whiletenpercentclickedonafakenewsarticleandrealizeditwasascam.Overall,40percentofsurveyedrespondentsstatedhavingencounteredanyscam.

ReadmoreNote(s):Worldwide;2022;12,025respondents;18yearsandolder;amongthosewhofellvictimtoascamSource(s):GenDigital;HarrisPoll;NortonLifeLockGlobalnumberofcybercrimeincidentsfromNovember2021toOctober2022,byindustryandorganizationsizeCybercrimeincidentsworldwide2021-2022,byindustryandorganizationsizeTotalSmall6944Large4892Unknown1512924816Total1631225438AccomodationAdministrativeAgricultureConstructionEducation81456616087717949643218295222105963137028451153418416172947919508EntertainmentFinance30151100HealthcareInformationManagementManufacturingMining1814253722401753238Description:BetweenNovember2021andOctober2022,almost16thousandcybercrimeincidentsweredetectedworldwide.Ofthistotal,nearly700casesinvolvedsmallcompanies.Theorganizationsinthepublicadministrationsectorwerethemostaffectedamongtheindustriesresearched,withreported3,270cybercrimecases.Theinformationsectorrankedsecond,whilemanufacturingfollowed,witharound1,800incidentsineachindustry.ReadmoreNote(s):Worldwide;November1,2021toOctober31,2022Source(s):VerizonMostcommonlyreportedcybercrimecategoriesintheUnitedStatesin2022,bynumberofindividualsaffectedMostreportedcybercrimeintheU.S.2022,bynumberofindividualsaffectedNumberofindividualsaffected100,000

150,000050,000200,000250,000300,000350,000PhishingPersonaldatabreachNon-payment/Non-deliveryExtortion300,49758,85951,67939,41632,538TechSupportInvestmentIdentitytheft30,52927,922CreditCard/CheckFraudBECSpoofingConfidencefraud/romanceEmployment22,98521,83220,64919,02114,94611,779Harassment/Stalking9Description:In2022,themostcommontypeofcybercrimereportedtotheUnitedStatesInternetCrimeComplaintCenterwasphishing,affectingapproximately300thousandindividuals.Inaddition,nearly59thousandcasesofpersonaldatabreachescaseswerereportedtotheIC3duringthatyear.ReadmoreNote(s):UnitedStates;2022;crimesreportedtoIC3;widerindustrymetrixmayvarySource(s):FBI;IC3IC3reportedcybercrimewiththehighestamountofvictimlossesintheUnitedStatesin2022,bytype(inmillionU.S.dollars)LeadingcybercrimevictimlosscategoriesU.S.2022AmountoflossinmillionU.S.dollars05001,0001,5002,0002,5003,0003,500InvestmentBusinesse-mailcompromise(BEC)Techsupport3,311.742,742.35806.55742.44735.88PersonaldatabreachConfidencefraud/RomanceRealestate396.93Non-payment/Non-deliveryCreditcard/CheckfraudGovernmentimpersonationIdentitytheft281.77264.15240.55189.21107.93SpoofingAdvancedfeeLottery/sweepstakes/inheritance104.3383.610Description:In2022,investmentfraudwasthecybercrimecausingthemostseverefinancialdamagefortheindividualsintheUnitedStates.Overall,victimlossesinthiscategorywereoverthreebillionU.S.dollars.Businesse-mailcompromise(BEC)rankedsecond,amountingtoaround2.7billionU.S.dollarsinreportedvictimlosses.Afurther806millionU.S.dollarswerereportedinlossesfortechsupportfraudvictims.ReadmoreNote(s):UnitedStates;2022;crimesreportedtotheIC3Source(s):FBI;IC3Shareofadultsworldwidewhohaveexperiencedcyberthreatsin2022,bytypeOnlineadultsexperiencingcyberthreats2022,bytypeShareofrespondents10%

15%0%Mobile/SMSscamattemptPhishingscamattempt5%20%25%30%35%40%36%33%32%Computer/mobiledevicevirusattemptExtortionemailscamattemptEmailhackingattempt24%23%SocialmediahackingattemptIdentitytheftattempt21%15%RansomwareattackattemptDatingapphackingattempt12%9%11Description:In2022,mobileorSMSscamattemptwasthemostcommoncyberthreatexperiencedby36percentofadultsinselectedcountriesworldwide.Phishingscamattemptwasthesecond-mostcommoncyberthreat,whilecomputerormobiledevicevirusattemptrankedthird.ReadmoreNote(s):Worldwide;2022;12,025respondents;18yearsandolderSource(s):GenDigital;HarrisPoll;NortonLifeLockShareofadultsworldwidewhohaveexperiencedcybercrimeasofJanuary2023,bytypeOnlineadultsexperiencingcybercrime2023,bytypeShareofrespondents15%

20%0%5%10%25%30%35%40%45%Computer/mobiledevicevirusMobile/SMSscamPhishingscam41%35%30%Extortione-mailscamSocialmediahackingE-mailhacking24%23%20%RansomwareattackDatingapphack13%10%12Description:AsofJanuary2023,fourintensurveyedadultsworldwidesaidtheyhadexperiencedacomputeroramobiledevicevirus.ThoseencounteringmobileorSMSscamswere35percent,while30percentstatedexperiencingaphishingscam.Furthermore,aroundaquarterofrespondentshadexperiencedanextortione-mailscam.ReadmoreNote(s):Worldwide;November2022toJanuary2023;12,025respondents;18yearsandolderSource(s):GenDigital;HarrisPoll;NortonLifeLockCHAPTER

02OverviewofphishingattacksworldwidePercentageoforganizationsworldwidethatexperiencedcyberattacksfrom2021to2022,byattacktypeShareofglobalcompaniesexperiencingcyberattacks2021-2022,bytypeShareofrespondents2022

202140%0%10%20%30%50%60%70%80%90%100%85%86%BulkphishingSmishing76%75%76%Ransomware78%75%77%Businesse-mail-compromise(BEC)Socialmedia74%74%74%Spearphishing79%71%Vishing69%69%Supplychain68%66%Dataloss:externalDataloss:insiderUSBDrop65%64%14Description:A2022surveyofworkingadultsandITprofessionalsworldwiderevealedthatbulkphishingattackswerethemostcommoncyberincidentsexperiencedby85percentoforganizationsin2022.Spearphishingrankedsecond,withthreeinfourrespondentsstatinghavingencounteredsuchincidentsduringthesameyear.Overall,between2021and2022,therehasbeenadecreaseinthemostcommontypesofattacks.

ReadmoreNote(s):Worldwide;2021to2022Source(s):ProofpointNumberofuniquephishingsitesdetectedworldwidefrom3rdquarter2013to34thquarter2022NumberofglobalphishingsitesQ32013-Q420221,600,0001,400,0001,200,0001,000,000800,0001,350,0371,270,8831,097,8111,025,968888,585730,372611,681767,939637,302571,764600,000466,065364,424289,371400,000200,0000277,693144,174261,375263,538233,040266,387253,007136,347241,140158,574190,942180,577182,465180,768162,116555,772143,353125,122185,378111,773151,014138,328146,99492,47346,82415Description:Inthefourthquarterof2022,around1.35millionuniquephishingsitesweredetectedworldwide,representingaslightincreasefromtheprecedingquarter.Byfar,thenumberofuniquephishingsiteshasseenthemostsignificantjumpbetweenthesecondandthethirdquartersof2020,fromnearly147thousandtoapproximately572thousand.ThisfigureisbasedonthenumberoftheuniquebaseURLsofthephishingsites.ReadmoreNote(s):Worldwide;Q32013toQ42022;basedonAPWGobservations;widerindustrymetricsmayvarySource(s):APWGCountriesmosttargetedbyphishingattacksworldwidein2022Phishing:distributionofattacks2022,bycountryShareofattackedusers0%2%4%6%8%10%12%14%16%18%17.03%VietnamMacau13.88%MadagascarAlgeria12.04%11.05%EcuadorMalawi11.05%10.91%Brunei10.59%Brazil10.57%10.43%10.33%MoroccoPortugal16Description:In2022,usersinVietnamweremostfrequentlytargetedbyphishingattacks.Thephishingattackrateamonginternetusersinthecountrywas17.03percent.Intheexaminedyear,Macaowasthesecondregion,withanattackrateofnearly14percent,whileMadagascarfollowedwith12percent.ReadmoreNote(s):Worldwide;2022;shareofusersencounteringphishingoutofthetotalnumberofKasperskyusersinthatcountry/territorySource(s):KasperskyLabTypeofinformationmostfrequentlyrequestedthroughphishingkitsworldwidein2022Globaldatapointscommonlyrequestedviaphishingkits2022Shareofanalyzedkits40%

50%0%10%20%30%60%70%80%90%100%98%110%NameE-mailaddress73%Homeaddress66%Password58%Creditcardinformation29%17Description:In2022,almostalldetectedphishingkitsattemptedtogatherthenamesoftargets.Threeinfourphishingkitsalsorequestede-mailaddresses,while66percenttriedaccessinghomeaddressinformation.

ReadmoreNote(s):Worldwide;2022;basedonX-Forcedetections;widerindustrymetricsmayvarySource(s):IBMDistributionoftop-leveldomainsusedbyphishingsitesin2022DistributionofTLDsusedbyphishingsitesin202260%50%40%30%54.44%20%10%0%17.69%.com13.71%.xyz7.85%.fun3.89%.org1.8%.top1.52%.ru1.13%0.98%.co.uk0.98%.de0.92%.se.com.brOther18Description:In2022,approximately18percentofphishingsitesusedatop-leveldomain(TLD)of.com.Meanwhile,.xyzwasthesecondmostusedtop-leveldomain.Thiswasusedbyabout14percentofphishingsites.Thedomain.funfollowed,withnearlyeightpercentofphishingattacksusingit.ReadmoreNote(s):Worldwide;2022Source(s):KasperskyLabCHAPTER

03TypesofphishingMobilephishingencounterrateworldwidein2022,bycountryMobilephishingrateinselectedmarkets2022MobilephishingencounterrateDevicecompromise20%

30%Credentialtheft40%0%10%50%47.8%48.5%60%70%PeruBahamasArgentinaColombiaTaiwanEstoniaBangladeshEthiopia56.9%56.1%51.2%55.8%55.4%48.1%47.1%52.2%53%51.5%32.8%50%49.3%48.1%46.4%37%40.4%Coted'IvoireAzerbaijanEgypt66.1%46.2%45.8%45.5%42.6%Japan20Description:In2022,usersbasedinPeruhadanapproximately57percentencounterratewithmobilephishingattackswiththepurposeofcredentialtheft.Incomparison,usersinthecountryhada48percentencounterratewithmobilephishingattacksfinalizedtousers'devicescompromise.Amongtheexaminedmarkets,userslocatedinNewZealandhadalowerencounterratewithmobilephishingattacksaimedatcompromisingtheirdevicesandstealingtheircredentials.

ReadmoreNote(s):Worldwide;2022;acrossAndroidandiOS,datacollectedwithLookoutPhishingProtectionSource(s):LookoutDistributionofbusinesse-mailcompromise(BEC)typesinworldwideorganizationsfromJanuarytoApril2023Globalbusinesse-mailcompromise(BEC)types2023Other5.22%Businessinformation4.4%Giftcard4.87%Invoice8.29%Payroll14.87%Lure62.35%21Description:Inthefirstfourmonthsof2023,themostcommontypeofbusinesse-mailcompromise(BEC)scamstargetingorganizationsworldwidewasintheformofluring,withoversixintenorganizationsencounteringit.Scamstargetingpayrollinformationwerethesecond-mostcommontypeofBECscam.ReadmoreNote(s):Worldwide;JanuarytoApril2023;basedonMicrosoftThreatIntelligenceobservationsandcharacterizationSource(s):CybersecurityandInfrastructureSecurityAgency;FBI;MicrosoftDistributionofbusinesse-mailcompromise(BEC)threatsworldwidein2022,byregionGlobalBECthreats2022,byregionShareofdetections30%0%10%20%40%50%60%Americas26.3%Europe10%Oceania9.5%AsiaAfrica3.3%0.7%Others50.2%22Description:In2022,mostbusinesse-mailcompromise(BEC)threatstargetedusersintheAmericas.Europewasthesecond-mosttargetedregionbyBECscams,withtenpercentofdetectedthreats,closelyfollowedbyOceania,with9.6percent.

ReadmoreNote(s):Worldwide;2022;basedonTrendMicroSmartProtectionNetworkdetections;widerindustrymetricsmayvarySource(s):TrendMicroShareoforganizationsworldwidetargetedbysmishingattacksin2021and2022Smishingattacksinglobalorganizations2021-202280%76%75%70%60%50%40%30%20%10%0%2021202223/statistics/1306234/volume-smishing-attacks-organizationsAccordingtoasurveyofITprofessionalsandworkingadultsworldwide,in2022,threeinfourrespondentsreportedthattheirorganizationhadencounteredsmishingattacks.Thisfigurehasincreasedbyonlyonepercentagepointsincethepreviousyear.ReadmoreNote(s):Worldwide;2021to2022Source(s):ProofpointShareoforganizationsworldwidetargetedbyvishingattacksin2020and2022Volumeofvishingattacksonglobalorganizations2020-202280%70%60%71%69%54%50%40%30%20%10%0%20202021202224Description:AccordingtosurveysofworkingadultsandITprofessionalsconductedin2022,almostsevenin10respondentsreportedhavingencounteredvishingattacks.Thisrepresentsanincreasefrom54percentin2020.Vishingattacksareatypeofsocialengineeringattackperformedoverphonecallsorvoicemessagesforphishing.ReadmoreNote(s):Worldwide;2020to2022Source(s):ProofpointDistributionofspear-phishingattacksworldwidein2022,bytypeGlobalspear-phishingattackdistribution2022,bytype50%47%45%40%35%30%25%20%15%10%5%42%8%3%0.3%0%ScammingPhishingBECExtortionConversationhijacking25Description:In2022,47percentofspear-phishingattacksworldwidewerescams,makingitthemostcommontypeofcyberattackinthiscategory.Phishingrankedsecond,with42percentoftheattacks,whilebusinesse-mailcompromise(BEC)madeupeightpercentofthetotalspear-phishingattacks.ReadmoreNote(s):Worldwide;2022Source(s):BarracudaNetworksShareoffinancialphishingattacksworldwidefrom2016to2022Globalshareoffinancialphishingattacks2016-202260%53.8%51.4%50%40%30%20%10%0%47.5%44.7%41.8%37.2%36.3%201620172018201920202021202226Description:In2022,around36percentoftotalphishingattacksworldwidetargetedfinancialinstitutions,downfromnearly42percentin2021.Amongtheorganizationsattackedbyfinancialphishing,deliverycompanieswerethemosttargeted,withmorethan27percentofphishingattacksinvolvingthem.ReadmoreNote(s):Worldwide;2022;attacksdetectedbyKasperskyLabs,widerindustrymetricsmayvarySource(s):KasperskyLabDistributionoffinancialphishingattacksworldwidein2022,bytypeoforganizationGlobalfinancialphishingattackshare2022,bycompanytypeOther7.38%Instantmessenger2.02%Onlinegame2.84%Deliverycompany27.38%Socialnetwork6.83%Web-service8.24%E-shop15.56%Globalinternetportal8.97%Bank10.39%Paymentsystem11.00%27Description:In2022,deliverycompaniesweretargetedmostbyphishingattacks.Theyaccountedforover27percentoffinancialphishingattacksworldwide.E-shopsrankedsecondwithnearly16percent,whilepaymentsystemsfollowedwith10.39percentofthephishingattacksintheexaminedyear.ReadmoreNote(s):Worldwide;2022;AttacksdetectedbyKasperskyLabs;widerindustrymetricsmayvarySource(s):KasperskyLabCHAPTER

04PhishingatworldwideorganizationsShareoforganizationsworldwidehavingexperiencedasuccessfule-mail-basedcyberattacksin2022,bycountryandregionGlobalorganizationsfacingsuccessfule-mailattacks2022,bycountryandregionShareoforganizations0%10%20%30%40%50%60%70%80%90%IndiaUnitedStatesAustralia82%80%74%France71%UnitedKingdomBenelux54%85%DACH81%Nordics68%Global75%29Description:AsofDecember2022,threeinfourorganizationsworldwidestatedhavingexperiencedanysuccessfulemail-basedcyberattacks.Amongsurveyedcountries,Indiahadthehighestshareofcompaniesexperiencingphishingattacks.TheUnitedStatesrankedsecond,with80percent,whileAustraliafollowed,with74percent.AmongselectedEuropeanregions,Beneluxrankedfirst,with85percent.ReadmoreNote(s):Worldwide;December2022;1,350respondents;attacksexperiencedinthepast12months;

ITmanagersandtechnicalITprofessionals,seniorITsecuritymanagers,andseniorITandITsecuritydecisionmakersSource(s):BarracudaNetworks;VansonBourneImpactofsuccessfule-mail-basedattacksinorganizationsworldwideasofDecember2022,byorganizationsizeGlobalorganizationsimpactfromsuccessfule-mailattacks2022,byorganizationsizeImpact1,000-2,500

employees500-999

employees250-499

employees100-249

employeesDowntimeandbusinessdisruption47%35%51%42%42%51%36%44%Lossofsensitive,confidential,orbusiness-criticaldataBrandandcompanyreputationdamageHurtthereputationoftheITteamLossofemployeeproductivityDirectmonetarylosstocybercriminalsRecoverycosts38%38%42%32%32%3%40%42%37%35%33%2%48%46%45%35%29%2%39%31%31%32%27%1%Therewasnoimpact30Description:AsofDecember2022,overhalfoftheorganizationswith500to999employeesworldwidethatencounteredemail-basedcyberattacksexperienceddowntimeandbusinessdisruption.Amongcompanieswith250to499employees,51percentlostsensitive,confidential,orbusiness-criticaldata.Thelatteralsoexperiencedrepercussionslikebrandandcompanyreputationdamage.ReadmoreNote(s):Worldwide;December2022;1,012respondents;

ITmanagersandtechnicalITprofessionals,seniorITsecuritymanagers,andseniorITandITsecuritydecisionmakersSource(s):BarracudaNetworks;VansonBourneShareoforganizationsworldwideexperiencingaccounttakeoverincidentsin2022Globalshareofcompaniesexperiencingaccountcompromise202280%70%60%50%40%30%76%24%20%10%0%AtleastonecompromisedaccountNocompromisedaccounts31Description:In2022,almostoneinfourorganizationsworldwideexperiencedacompromiseofatleastoneaccount.ADecember2022researchofcompaniesfromaroundtheglobefoundthat74percentofsurveyedcompaniesdidnotexperienceanyaccountcompromiseincidentsinthepreceding12months.ReadmoreNote(s):Worldwide;December2022;incidentswithinthelast12monthsSource(s):BarracudaNetworksDistributionofuntrustworthye-mailsreportedbyemployeesworldwidein1stquarter2023,bytypeGlobalemployee-reportede-mailsQ12023,bytypeMalicious7.7%DoNotEngage15.9%Nothreatdetected76.4%32Description:Inthefirstquarterof2023,theshareofmaliciouse-mailsreportedbyemployeesworldwidewasabouteightpercent.Anadditional15.9percentofreportedmaliciouse-mailwereoftheDoNoEngagetype,whichisatypeofe-maildefinedassuspiciousmessagesrequiringinteractionwiththesendertoverifymaliciousintent.ReadmoreNote(s):Worldwide;Q12023Source(s):PhishLabsDistributionofmaliciouse-mailsreportedbyemployeesworldwideinfirstquarter2023,bytypeGlobalemployee-reportedmaliciouse-mailsdistributionQ12023,bytypeResponse-based40.5%Credentialtheft58.2%Malwaredelivery1.3%33Description:Inthefirstquarterof2023,fourin10maliciouse-mailsreceivedbyworldwideemployeeswereresponse-basedore-mailimpersonationattacks.Afurther58percentofthemaliciouse-mailswereaimedatcredentialtheft,while1.3percentwereidentifiedasmalwaredelivery.ReadmoreNote(s):Worldwide;Q12023Source(s):PhishLabsAveragefailureratesforsimulatedphishingattacksinworldwideorganizationsin2021and2022,bydepartmentGlobalfirmsfailureratesforphishingsimulations2022,bydepartmentShareofrespondents202120226%0%2%4%8%10%12%14%DevelopmentResearchanddevelopmentSupplychainManagementLegal13%10%12%10%10%11%11%11%11%9%9%9%10%MarketingFacilities10%10%SalesFinanceHumanresourcesLogisticsAdministrationservices10%10%10%10%10%10%8%9%34Description:A2022surveyfoundthatthemostcriticaldepartments,suchasdevelopment,research&development,supplychain,andmanagement,demonstratedthehighestfailurerateforphishingsimulations.Thesecurityandinformationtechnologydepartmentshadthelowestrate.ReadmoreNote(s):Worldwide;2021and2022Source(s):ProofpointCHAPTER

05MostaffectedindustriesOnlineindustriesworldwidemosttargetedbyphishingattacksasof4thquarter2022PhishingmosttargetedindustrysectorsworldwideQ42022Percentageofattacks15%0%5%10%20%25%30%FinancialinstitutionSaaS/WebmailSocialmediaLogistics/ShippingPayment27.7%17.7%10.4%9%6%E-commerce/RetailTelecom5.6%3.1%2.3%CryptocurrencyOther18.2%36Description:Duringthefourthquarterof2022,nearly28percentofphishingattacksworldwidetargetedfinancialinstitutions.Furthermore,web-basedsoftwareservicesandwebmailaccountedforalmost18percentofattacks.Socialmediafollowed,witharound10percentofregisteredphishingattacks.ReadmoreNote(s):Worldwide;Q42022Source(s):APWGWorldwideorganizationsmosttargetedbyphishingattacksin2022,byindustryPhishing:mosttargetedorganizationsworldwide2022,byindustryPercentageoftotalphishingattacks0%5%10%15%20%25%30%DeliverycompaniesOnlinestores27.38%15.56%Banks10.39%10.39%PaymentsystemsGlobalinternetportalsSocialnetworks8.97%6.83%InstantmessagingservicesFinancialservicesWebservices2.02%1.94%8.24%Onlinegames2.84%37Description:In2022,deliveryservicessawmorethan27percentofphishingattacksworldwide,makingitthemosttargetedindustrybyphishing.Onlinestoresrankedsecond,whilebanksandpaymentsystemsfollowed,withover15and10percentoftheattacksdirectedtotheseindustries.ReadmoreNote(s):Worldwide;2022Source(s):KasperskyLabAveragecostofthemostexpensivee-mailattackinworldwideorganizationsin2022,byindustry(inmillionU.S.dollars)E-mailattacksaveragecostinglobalcompanies2022,byindustryCostinmillionU.S.dollars0.00.20.40.60.81.01.21.41.6BusinessandprofessionalservicesMedia,leisure,andentertainmentEnergy,oil/gas,andutilitiesFinancialservices1.51.471.311.27IT,technology,andtelecomsRetail,distribution,andtransportHealthcare(publicandprivate)OthercommercialsectorConstructionandpropertyConsumerservices10.980.980.950.850.8Publicsector0.610.59Manufacturingandproduction38Description:AsofDecember2022,theaveragecostofthemostexpensivee-mail-basedattackworldwidewasthehighestinthebusinessandprofessionalservicesindustry,around1.5millionU.S.dollars.ThisfigurereferstotheattacksrecordedbetweenJanuaryandDecember2022.Themedia,leisure,andentertainmentsectorsrankedsecond,withtheaveragelossesthroughthemostexpensivee-mail-basedattacksamountingtoapproximately1.47millionU.S.dollars.

ReadmoreNote(s):Worldwide;December2022;1,012respondents;mostexpensivee-mailattackorganizationsexperiencedinthepast12monthsSource(s):BarracudaNetworks;VansonBourneAveragefailureratesforphishingsimulationsinworldwideorganizationsin2021and2022,byindustryFailureratesfor