43% of UK SMEs have experienced a phishing attempt through impersonation of staff in the last 12 months. Of those impersonation phishing attempts, it was discovered that two-thirds (66%) had suffered a successful attack, according to CybSafe.
66% is still way more than I expect, but there’s no verifiable source. (Looks like CybSafe has incentive to exaggerate the numbers.) And it’s not clear whether this is “66% of phishing attempts were successful” or “of organizations targeted, 66% suffered at least one successful attack”. Certainly it doesn’t support “you would have likely entered the codes as well”.
Did a quick google. The only statistic I could find for how successful phishing attacks are is https://www.helpnetsecurity.com/2019/09/04/sme-phishing-attacks/:
66% is still way more than I expect, but there’s no verifiable source. (Looks like CybSafe has incentive to exaggerate the numbers.) And it’s not clear whether this is “66% of phishing attempts were successful” or “of organizations targeted, 66% suffered at least one successful attack”. Certainly it doesn’t support “you would have likely entered the codes as well”.
Strong-downvoted pdaa’s comment pending source.