33 Phishing Attack Statistics in 2024 Every MSP Should Know About

Welcome to the new reality of AI-generated phishing and social engineering attacks. 

Small business owners and MSPs alike must provide their clients with a line of defense against advanced phishing attacks and other email-related threats. 

Implementing outdated phishing simulations isn’t effective either. An employee might accidentally download a malicious file attachment that could result in a massive security breach.

If that isn’t bad enough, threat actors have begun leveraging AI-powered tools such as ChatGPT and other LLMs to produce more sophisticated phishing prompts. 

AI-generated phishing emails can bypass traditional filters and detection systems with striking accuracy. They can easily mimic the recipient’s writing style and language patterns and use personalized details that make the messages seem incredibly legitimate.

This looming thought gives MSPs and small business owners a lot to consider when it comes to safeguarding their inboxes and their clients’ inboxes from the latest phishing attack threats. 

Here are 33 alarming phishing statistics in 2024 that every MSP should know about.

Corporate Phishing Attacks Skyrocketing

• 94% of organizations experienced phishing attacks. – Email Security Risk Report 2024
• Microsoft remains the most imitated brand, with 43.1% of phishing attempts targeting it. – Zscaler ThreatLabz 2024 Phishing Report
• The median time for users to click on a phishing simulation link was just 21 seconds and 28 seconds to submit sensitive data. – Verizon’s 2024 Data Breach Investigations Report
• BEC attacks accounted for 14% of all impersonation attack activity in corporate inboxes. – Business Email Compromise (BEC) Trends Report
• On average, 3.4 billion phishing emails are sent every day. – 2024 Upfort Phishing Attack Report
• There was a 1,760% YoY increase in social engineering-based Business Email Compromise (BEC) attacks throughout 2023. – Perception Point 2024 Annual Report: Cybersecurity Trends & Insights
• 88% of organizations face spear phishing attempts in a single year – Norton
• 47% of employees cited distraction as the reason for falling for a phishing scam while working from home. – [Tessian Research] The Psychology of Human Error 
• URLs are 4x more likely than phishing attachments to reach users.- Avanan
• Malicious URLs were the most frequently used technique in phishing emails, representing 30.5% of cases. – Hornetsecurity Cyber Security Report 2024
• Over half (55%) of phishing emails contain obfuscation techniques to help cybercriminals avoid detection. – Egress’ Phishing Threat Trends Report
• HTML files were the most common type of attachment found in phishing emails, comprising 37.1% of cases. – Hornetsecurity Cyber Security Report 2024
• In the fourth quarter of 2023, the average top executive in the C-suite saw 42x more phishing attacks using QR codes (Quishing) compared to the average employee. – Dark Reading

Clickbait: Employees Failing Phishing Simulation Tests

• 33.2% of untrained end users will fail a phishing test. – KnowBe4’s State of Phishing Report 2023
• There was a 4% click-through rate on phishing simulation emails. – Fortra’s 2023 Gone Phishing Tournament
• Only 18.3% of emails sent as part of phishing simulations were properly reported by users. – Proofpoint’s 2024 State of the Phish Report
• Organizations with an employee count between 100 and 499 had the highest overall password submission rate (7.3%). – Fortra’s 2023 Gone Phishing Tournament

The Cost of Phishing Attacks

• The average cost of a data breach through a phishing attack is estimated at $4.91 million. – IBM’s Cost of a Data Breach Report 2023
• $17,700 lost every minute due to a phishing attack. – Email Security Best Practices: A Guide to Anti-Phishing Protection
• Losses due to Business Email Compromise (BEC) have hit a record high of $2.9 billion. – Proofpoint
• Phishing-as-a-service subscription prices are as little as $250 per month and provide support for around 200 phishing templates. – Dark Reading 

Phishing-Related Breaches and Email Attack Statistics 

• Phishing attacks accounted for 36% of all US data breaches in 2023. – Verizon’s 2023 Data Breach Report 
• Advanced email attacks have increased by 24% over the first two quarters of 2023 alone. – IRONSCALES Threat Index: Q3 2023 Edition
• 9 out of 10 data breaches in 2023 originated from phishing attacks targeting employees. – Cofense’s 2024 Annual State of Email Security Report
• Spear phishing campaigns make up only 0.1% of all email-based phishing attacks, but they are responsible for 66% of all breaches. – Barracuda’s 2023 Spear-Phishing Trends

A New Era of Cybercrime: AI-Generated Phishing Attacks

• ChatGPT created a phishing login page in less than 10 prompts. – Zscaler ThreatLabz 2024 Phishing Report
• 80% of organizations are concerned about new threats posed by AI – Mimecast’s 2024 State of Email & Collaboration Security
• A 60& YoY increase of nearly 60% in global phishing attacks, fueled in part by the proliferation of generative AI-driven schemes such as voice phishing (vishing) and deep fake phishing – Zscaler ThreatLabz 2024 Phishing Report
• AI detectors cannot tell whether a phishing email has been written by a chatbot or a human in three cases out of four (74%) – Egress’ Phishing Threat Trends Report 

Email Security Protocols Not Effectively Preventing Attacks

• Over 1.5 million malicious emails have evaded Secure Email Gateways (SEG) in 2023. – SC Media
• There was a 104.5% increase in the number of malicious emails bypassing Secure Email Gateways (SEGs). – Cofense’s 2024 Annual State of Email Security Report
• 12% of Fortune 500 companies have no DMARC protocols in place. – SendLayer
• Among the F500 companies that had DMARC records added, 40% had their policies set to ‘none’. – SendLayer

Prevent Phishing Attacks and Advanced Email Threats with Guardz  

Traditional email security methods and protocols just aren’t enough to futureproof your business from evolving phishing attacks. 

Stay ahead of the latest phishing scams and email threats with Guardz AI Multilayered Phishing Protection. Secure all inbound emails and web browsing from a unified cybersecurity platform. The Guardz generative AI-powered model is continuously trained and updated with the latest real-world phishing attack data. 

Instantly remove malicious emails once they have reached your employees’ or clients’ inboxes with one-click remediation capabilities. Keep malicious emails out of your inbox and give your clients peace of mind with Guardz.

Get a demo today to learn more.