1 in 3 workers likely to fall for phishing, social engineering scams: report

'Human error is still a big contributing factor to data breaches'

1 in 3 workers likely to fall for phishing, social engineering scams: report

Almost one in three employees in Asia are likely to click on a suspicious link or comply with a fraudulent request amid increasing cyber-attacks in the region, according to a new KnowBe4 report.

Asia logged an average of 28.4% in terms of Phish-Prone Percentage (PPP), which indicates how many employees are likely to fall for phishing or social engineering scams.

According to the report, this year's PPP in Asia is a slight decline from last year's 30% and is lower than the global average of 34.3%.

Consistent training and testing also further reduced the average PPP among Asian organisations from 28.4% to 17% in the first 90 days. It further went down to 5.5% after a year of continuous training and testing.

Source: KnowBe4

Increasing cyber-attacks

The findings come in the wake of increasing cyber-attacks in the Asia-Pacific region that target sensitive data in both public and private sectors, according to the report.

Citing data from IBM, it revealed that the APAC region accounted for 23% of global cybersecurity incidents in 2023.

Financially, the report also estimated that cybercrime in APAC could "skyrocket into the trillions by 2027."

"The impact of these attacks extends far beyond mere financial losses, inflicting significant damage to organisational reputations, operations, and customer trust," the report read. "The ripple effects are felt across entire industries, hampering growth and innovation."

Impact of AI on cybersecurity

Martin Kraemer, security awareness advocate at KnowBe4, said while it's encouraging to see Asia's phishing results improving, AI-driven threats are expected to increase.

According to the report, the rapid advancement of deepfake technologies and large language learning models, with the addition of voice, image, and video generation introduce "additional potential red flags."

One of the most recent cases of such incident was when a clerk in Hong Kong was duped into transferring HK$200 million after participating in a video conference where all other participants turned out to be AI-generated deepfake personas.

"Although technology is important for preventing and recovering from cyberattacks, human error is still a big contributing factor to data breaches," Kraemer said in a statement.

"So, it's imperative that organisations continue to strengthen the human firewall with regular and focused security awareness training."