KnowBe4 has launched its “Phishing by Industry Benchmarking Report 2025,” which measures an organisation’s Phish-prone Percentage (PPP) — the percentage of employees likely to fall for social engineering or phishing attacks, indicating the organisation’s overall susceptibility to phishing threats.
This year’s report found a baseline PPP of 32.9% in the UK&I, which is in line with both the global average (33.1%) and European standards (32.5%).
These results highlight a clear trend: organisations of all sizes and industries are becoming more resilient to phishing after undergoing cybersecurity training.
Initially, baseline phishing vulnerability rates (PPPs) varied significantly between small, medium, and large organisations. However, the reduction in PPPs observed after training in the UK&I—an impressive 85% drop, falling to 19% within three months and further to 4.8% after 12 months—is consistent with the global average reduction of 86% across all organisation sizes.
KnowBe4 analysed 67.7 million phishing simulations globally, across 14.5 million users from 62.4 thousand organisations. The baseline PPP (32.5% for Europe) reflects an organisation’s susceptibility to phishing before any KnowBe4 training.
Employees then undergo KnowBe4’s security awareness training with simulated phishing, and the PPP is recalculated after 90 days and again after one year or more of ongoing training to quantify the programme’s effectiveness.
Other Key Takeaways from the Report:
- In the UK&I, Healthcare & Pharmaceuticals, Consumer Services and Hospitality tend to have a higher initial baseline PPP, especially in larger organisations.
- Larger organisations often start with higher baseline PPPs, but show more substantial improvements over time than small or medium organisations.
- The human element in cybersecurity is evolving from a liability to an asset, with cultural changes and empowerment strategies driving significant improvements in phishing resistance.
“The cybersecurity landscape in the UK and Ireland is rapidly evolving, driven by AI advancements, supply chain vulnerabilities, and a shift in how we view the human element in defense,” said Javvad Malik, lead security awareness advocate at KnowBe4. “AI offers both powerful tools and new risks, while supply chain security has become a critical focus due to its interconnected nature.
“The biggest shift, however, is the growing recognition of employees as an essential line of defence, with organisations now fostering a culture of cybersecurity awareness.
“While progress is being made, it is clear from the data in the Benchmarking Report that sustained security training is essential to drive long-lasting change.”