Email Security Blog

Exploring Phishing Statistics

Agari November 10, 2015 Resources
Fallback Featured Image


At Agari, we are vocal about the steps organizations can take to protect their brands and customers from the impact of phishing attacks. But what exactly are the hard numbers behind our mission?

Let’s look at some phishing statistics showing a clear need for change when it comes to mitigating the phishing problem.

A rising threat

Verizon research has found that phishing is now the second most common cyber threat vector, implicated in a quarter of all data breaches last year.

Phishing continues to grow at a higher rate than malware – according to Google’s Safe Browsing service, the amount of malware websites dropped 18.8% (from 18,454 to 14,977) between 2014 and 2015, while the amount of phishing sites increased by 35% (from 24,864 to 33,571) during the same period.

A waste of resources      

Phishing costs large companies on average $3.7 million a year, a Ponemon study has revealed.

A recent Black Hat survey also found that dealing with phishing and other forms of social engineering is one of the top three things occupying the most time during an infosec employee’s average day, alongside vulnerabilities created by in-house development teams and vulnerabilities in off-the-shelf applications or systems.

An endless stream

According to ESET, people receive 12 spam emails a day – this adds up to 4000 spam emails per person, per year!

An infographic produced by IT Governance indicates that, every day, 156 million phishing emails are sent and 15.6 million make it through spam filters.

A weak spot

IT Governance also reports that once the emails have made it past filters, 8 million are opened, 800,000 recipients click on the links, and 80,000 of them unwittingly hand over their information to criminals.

A Google-led research paper also found that almost half (45%) of the visitors to a phishing web page completed the form and submitted their personal data.

SANS Institute also found that 95% of all attacks on enterprise networks gained access via a spear phishing attack.

The numbers speak for themselves – these are just some of the phishing statistics that demonstrate the scale and severity of the phishing crisis.


Agari Blog Image

June 30, 2017 Todd Weltz

Why are my Google Calendar Invites Blocked by DMARC?

Are you sending Google Calendar invites and not getting replies, or maybe your invitees tell…

Agari Blog Image

January 6, 2016 Agari

Security Infographic: 7 Ways to Protect Customers

To learn more about how email cyber attacks are impacting businesses – both financially and…

Agari Blog Image

December 15, 2015 Agari

Don’t Let Your Customers Be Fooled By Cousin Domains

In the last five years, we’ve all become far too familiar with it – hackers…

Agari Blog Image

November 3, 2015 Nikki Tyson

What is a Spear Phishing Attack?

While “phishing” has entered the vocabulary of most email users, the concept of a spear…

Agari Blog Image

October 28, 2015 Agari

The Finance Industry Is On Alert For Phishing

When cyber criminals mimic trusted brands, they tend to go where the money is by…

mobile image