Wednesday, June 12, 2024

Insights From KnowBe4’s Annual Phishing Benchmarking Report – Navigating Cyber Threats in Africa


KnowBe4 (, the provider of the world’s largest security awareness training and simulated phishing platform, today released its new 2024 Phishing by Industry Benchmarking Report to measure an organization’s Phish-prone™ Percentage (PPP) (, indicating how many of their employees are likely to fall for phishing or social engineering scams. 

This year’s report shows that according to baseline testing across industries, untrained employees in Africa fare worse at 36.7% than the worldwide average of 34.3%. This means that, in general, employees in African countries are more likely to click on malicious links or comply with fraudulent requests. This marks an increase from the previous year’s report. It is important to keep in mind the considerable linguistic, cultural, and economic diversity of the continent as well as the daunting challenges African countries are currently facing when examining its state of cybersecurity. 

KnowBe4 analysed 54 million simulated phishing tests involving nearly 12 million users across 55,675 organisations in 19 different industries, establishing a PPP baseline indicating the click rates on phishing tests by employees without KnowBe4 security awareness training.

Although the PPP varied greatly across African sectors and countries, the findings in the report still show the effectiveness of combining simulated phishing security tests with security awareness training. Organisations in African countries that engaged in consistent training and testing experienced a significant decrease in their average PPP to 22% within the first 90 days, and a further reduction to 5.9% after a year of continuous training and testing. 

These results are higher than the global average of 18.9% after 90 days and 4.6% after one year of consistent training and testing, suggesting that at least in theory, employees in African countries are more vulnerable to falling victim to cybercrime. This emphasises the need for organisations to focus on mitigating the human risk that exists when safeguarding against cyber threats. 

Despite the challenges faced by African countries, its people, and in turn by the organisations and employees operating in it, the overall decline in PPP over three and 12 months is still significant. This improvement is evidence that transforming cybersecurity culture requires breaking existing habits to make way for more secure ones. As employees embrace new behaviours, they become engrained, evolving into standard practices that shape organisational culture and create a workforce that instinctively prioritises security. 

Some interesting facts highlighted and discussed in the report include:

The expected increase in cyberattacks on government departments and infrastructure
Africa’s increasing usage of technology and connectivity, and the new risks and vulnerabilities it brings
The cybersecurity challenges faced by the continent 
Regulatory compliance laws that exist in certain African countries, while most have none 
The expected economic impact of cybercrime
Sentiment towards AI and new technologies is highly positive across Africa

“Cybersecurity challenges in Africa require a combination of regulation, guidelines and security awareness training. Particular focus is needed on threats like deepfakes used for political manipulation, especially ahead of major elections in various African countries,” says Anna Collard, SVP content strategy&evangelist Africa at KnowBe4. “More public-private partnerships are essential to build capacity, address the skills shortage, and improve resilience in the digital world. Investing in Africa’s youth and providing cybersecurity training opportunities can fill the skills gap and also address youth unemployment.”

This year’s report also examines phishing benchmarks from North America, South America, Europe, United Kingdom&Ireland, Asia, Australia and New Zealand.

To download a copy of the 2024 KnowBe4 Phishing by Industry Benchmarking Report, click here:

Distributed by APO Group on behalf of KnowBe4.

About KnowBe4: 
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 65,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. The late Kevin Mitnick, who was an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Organizations rely on KnowBe4 to mobilize their end users as their last line of defense and trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Read more