skip to main content
4.7/5
Customers rate us on G2
See our reviews on G2.

How to increase your phishing report rate

CategoryHuman Risk Management
Lexie Taylor-East, Content Marketing Manager
ByLexie Taylor-East
Date
Read time
Back to Blog

Undoubtedly one of the most prevalent threats businesses face today is phishing. Almost 1.2% of all emails sent are malicious, that amounts to roughly 3.4 billion phishing emails each day

Cyber criminals will spoof sender identities to trick victims into opening emails from familiar names, such as trusted brands or even their colleagues or CEO. 

However, there is a silver lining: the rates of phishing reporting are on the rise. This increase is crucial, as it enables organisations to quickly identify and respond to potential threats. In this blog, we'll delve into the reasons behind this positive trend and share strategies to further enhance phishing reporting within your company.

 

Phishing report rates are on the rise 

It is definitely a positive sign that, as an industry, we seem to be getting better with regard to phishing test reporting. The 2024 Verizon DBIR reported that the overall reporting rate of phishing has been growing over recent years. 

Phishing email report
(Figure above: 2024 Data Breach Investigations Report | Verizon

Hooray. But why now? 

The rising rates of employees reporting phishing to their Security and IT teams can likely be attributed to several interconnected factors. First and foremost, increasing awareness and education about phishing threats have empowered employees to recognise suspicious activities. 

Organisations are also increasingly recognising the importance of building and reinforcing an open culture around cyber security, where employees feel safe and encouraged to report potential threats without fear of reprimand. Remember, you cannot have a secure culture, without a just culture. 

Furthermore, advancements in technology, such as integrated reporting tools and automated alerts, simplify the reporting process, making it easier for employees to flag suspicious emails. The establishment of incentive programmes that recognise and reward proactive reporting also acts as a motivating factor. 

As employees become more engaged and aware of their role in maintaining corporate cyber security, the collective effort to combat phishing increasingly transforms into a unified organisational initiative.

Best practices for creating a culture of reporting 

Encouraging a culture of reporting is essential for staying ahead of phishing threats. Employees should feel comfortable reporting phishing emails, even if they have interacted with them. This transparency helps cybersecurity teams understand the types of phishing attacks targeting the organisation and identify any patterns.

To foster a culture of reporting, it's crucial to establish a "no blame" policy. Employees should not fear repercussions for falling victim to phishing attempts or for reporting suspicious emails. Instead, they should be encouraged to report incidents promptly, enabling a swift and effective response from security teams.

Coach employees in the moment 

Traditional, one-and-done training doesn’t cut it. Effective employee coaching occurs at the point of risk. Utilise just-in-time education with real-world phishing examples to educate employees when they are most receptive. Comprehensive coaching is crucial in combating phishing, focusing on recognising threats and reacting appropriately.  

Additionally, conducting attack simulations is a powerful tool, allowing staff to practise identifying and reporting suspicious emails in a controlled environment. This hands-on experience significantly reduces the risk of successful phishing attempts over time.

Conduct intelligent phishing simulations 

Not all phishing simulations are created equal. Cyber criminals don't just send generic emails to every employee simultaneously; their methods are personalised, targeted, and crafted for maximum impact. Shouldn't phishing simulations mirror this strategy?

Harnessing AI-driven scenario selection can significantly enhance employee preparedness for real-world attacks. By simulating brand impersonation attacks tailored to the SaaS applications employees frequently use, you can deliver truly targeted training experience. This approach equips employees to better handle spear phishing and other targeted phishing attacks by closely replicating the actual threats they might encounter.

Have a clear reporting mechanism 

Time is of the essence when dealing with phishing attacks. A clear and straightforward reporting mechanism is vital for managing phishing threats effectively. Employees should know exactly how to report suspicious emails and whom to contact in case of potential phishing incidents. This clarity ensures that concerns are addressed promptly, minimising the risk of a successful attack.

CultureAI’s ‘Report Phishing’ button simplifies the reporting process. With a single click, employees can flag suspicious emails directly to the security team for further analysis, enabling rapid investigation and response. By eliminating manual reporting methods, this significantly reduces the Mean Time to Resolution. 

Report phishing button

What to look for in an integrated reporting button:  

  • Streamlines communication between employees and the security team with a one-click reporting button integrated into your email client.

  • Enables automatic communication for rapid report triage and efficient threat management.

  • Provides instant feedback to employees with a pop-up notification when they report a simulated attack or a safelisted item.

  • Ensures a consistent reporting experience for employees, whether they use Microsoft Outlook or Google Gmail, across desktop, web, and mobile platforms.

  • Designs the button to be highly visible with eye-catching icons and bold colours, such as red, to attract attention.

  • Ensures the button is easy to use and accessible, reducing the learning curve and encouraging frequent usage by all users.

  • Seamlessly pushes phishing reports, enriched with risk insights, to your service desk, incident response, SIEM, or SOAR tools.

Reported phishing email report

Increase phishing report rates with CultureAI 

Phishing remains a pervasive threat to all organisations, regardless of size. By empowering your team with the right tools, training, and a strong culture of reporting, you can significantly reduce the risk of successful phishing attacks. Implementing a ‘Report Phishing’ button, conducting regular simulations, and leveraging advanced technologies are essential steps in this process.

For more insights and specialised advice around phishing, consider booking a consultation with our cyber security experts.

Human Risk Management

Top Employee Security Risks You're Probably Not Measuring

Email is just one piece of the puzzle, which is why it is crucial to consider a wide range of employee security behaviours to get a holistic view of your risks. By doing so, you can focus resources more efficiently.

Read blogRead blog
Insights

Nurturing a Resilient Security Culture: An Insider’s Perspective

Discover the transformative power of security culture as we explore its three phases: from traditional training methods, through the integration of real-time testing, to the adoption of trigger-based interventions.

Read blogRead blog