Phishing Susceptibility Across Industries

  • Conference paper
Augmented Cognition (HCII 2022)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 13310)

Abstract

Research into the human factors of cyber security is becoming increasingly important in helping to understand how human behaviour can be influenced in the modern age of human-targeted cyber-attacks. Phishing is one of the most prevalent methods used to socially engineer human targets, and as such it is important to establish which factors may influence susceptibility to phishing emails. The majority of research has thus far been dedicated to individual-level and semantic factors of susceptibility, while other important issues such as organisational context have been largely absent. This paper explores whether industry type influences behaviours resulting from phishing simulations. Here we present a large sample of real-world data from phishing simulations deployed to employees from banking, education, healthcare and pharmaceutical organisations and construction. Analyses were conducted across multiple potential responses: opening an email, clicking a link, replying to the email, entering data, and reporting the email as suspicious. The results revealed significant differences in susceptibility to phishing depending on which industry type employees belonged to. Consistent with previous work, the banking industry had the fewest employees engaged in opening phishing emails and clicking links. Implications for future work and industry professionals are discussed.

Supported by KnowBe4, inc.

Corresponding author

Correspondence to Thea Mannix.

6 Appendix

Table 3. Pairwise comparisons between industries by dependent action variable. P-values significant (*) at 0.05.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Mannix, T., Petrič, G., Eriksen, AC., Paglia, J., Roer, K. (2022). Phishing Susceptibility Across Industries. In: Schmorrow, D.D., Fidopiastis, C.M. (eds) Augmented Cognition. HCII 2022. Lecture Notes in Computer Science, vol 13310. Springer, Cham. https://doi.org/10.1007/978-3-031-05457-0_6

  • DOI: https://doi.org/10.1007/978-3-031-05457-0_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-05456-3

  • Online ISBN: 978-3-031-05457-0

  • eBook Packages: Computer Science (R0)
