| 71.10% | Global spam email as percent of total email in April 2014 |
| 48.16% | Global spam volume as percent of total email in March 2018 |
| 52% | Percentage of participants in a recent survey who said spam was a major problem |
| 14.5 billion | Spam emails that are sent every day |
| 1 | USA’s rank when it comes to global spam email generation |
| 2 | South Korea’s rank when it comes to global spam email generation |
| 36% | Advertising spam’s contribution to overall spam count |
| 31.70% | Adult spam’s contribution to overall spam count |
| 26.50% | Financial spam as percent of overall spam |
| 2.50% | Scams and fraud as percent of overall spam |
| 73% | Identity fraud as percent of overall scam and fraud email |
| 52% | Companies in a survey that listed minimizing spam as top priority |
| 2.4 billion | Spam emails blocked by MSN every day |
| $20.5 billion | Annual cost to productivity due to spam |
| $1,934 | Productivity cost per employee |
| 12.5 million | Average number of spams sent for every one response |
| $3.5 million | Money that spammers earn annually |
| 4 | Number of times spam increased in 2016 |
| 1 in 131 | Emails that contained a malware in 2016 |
| 60% | Malware that was packaged in JavaScript attachments |
| 26% | Malware that was embedded in malicious macros enabled MS Office documents |
| 26% | The percentage of malware attachments that were disguised as invoices |
| 13% | The percentage of malware attachments that were disguised as documents |
| 10% | The percentage of malware attachments that were disguised as mail delivery failure |
| 25% | Percentage of phishing emails targeting the theft of Apple IDs |
| 17% | Percentage of phishing emails targeting the theft of Microsoft OWAs |
| 10.50% | Percentage of phishing emails targeting the theft of Paypal |
| 13.60% | The clickthorugh rate (CTR) of large phishing campaigns targeting the theft of Dropbox ID |
| 12.80% | The clickthorugh rate (CTR) of large phishing campaigns targeting the theft of Adobe accounts |
| 0.80% | The clickthorugh rate (CTR) of large phishing campaigns targeting the theft of Paypal IDs |
| 78.60% | The clickthorugh rate (CTR) of small phishing campaigns (less than 100 messages) targeting local postal service |
| 25.10% | The clickthorugh rate (CTR) of small phishing campaigns (less than 100 messages) targeting WeTransfer |
| 400 | Number of businesses targeted by BEC (Business Email Compromise) attacks every day |
| $5 billion | Loss due to BEC scams between October 2013 and December 2016 |
| 45% | Increase in BEC attacks in Q4 2016 |
| 870% | Increase in W2 phishing emails in 2017 |
| 76% | Organizations that were a victim of phishing in 2016 |
| 52% | Successful email attacks where victims click within one hour |
| 30% | Successful email attacks where victims click within 10 minutes |
| 76% | The number of breaches that were financially motivated |
| 12% | State affiliated actors involved in attacks |
| 28% | Cyberattacks that were perpetrated by insiders |
| 17% | Data breaches due to employee errors (like failure to shred confidential information) |
| 123456 | The most common password making people vulnerable to cybercrime |
| 4% | Percentage of people who will click on any given phishing campaign |
| 78% | Percentage of people who won’t click on any phishing campaign all year |
| 16 minutes | Time until the first click on a phishing campaign |
| 28 minutes | Time until a report from a savvy user |
| 39% | Ransomware as a percentage of all malware |
| 536 | The number of breaches in the healthcare industry |
| 338 | The number of breaches in the accommodation industry |
| 68% | Percentage of breaches that took months to discover |
| 3% | Percentage of breaches that were uncovered in minutes |
| 60%-70% | Spam emails that made use of malicious URLs independently or with attachments |
| 56% | Percentage of BEC attacks executed through reply-to spoofing |
| 43% | Percentage of BEC attacks executed through display name spoofing |
| 33% | Percentage of malicious emails that had banking trojans |
| 16000 | Number of publishers who offered malicious apps through vendor-sanctioned and third party app stores |
| 167% | Growth in angler phishing (or social media support phishing) |
| 20% | Decrease in malicious URLs distributed through social media |
| 16.25% | Percentage of spam mails targeting Germany (the most in the world) |
| 29.02% | Percentage of users in Brazil affected by phishing (the most in the world) |
| 11% | Percentage of Canadian digital marketers who felt the government’s anti-spam regulation had a dramatic impact on their email marketing campaigns |
| 49% | Percentage of Canadian digital marketers who felt the government’s anti-spam regulation had no impact on their email marketing campaigns |
| 9.9 million | Twitter accounts identified as spammy in May 2018 |
| 214% | Year on year Increase in the number of Twitter accounts being removed for spam violations |
| 17000 | Number of times tweets were reported for spam every day in May 2018 |
| 142,000 | Number of apps using Twitter API that were suspended for spam in Q1 2018 |
| 10.80% | Organizational susceptibility rate to attacks |
| 97% | Consumers who could not correctly identify a phishing scam email in 2015 |
| 45% | Percent of survey respondents who received phishing via phone calls and SMS |
| 3% | Percent of survey respondents who experienced a USB-based social engineering attack |
| 53% | Information Security professionals who experienced spear phishing attacks (messages sent from known or trusted senders) in 2017 |
| 67% | Percentage of spear phishing victims who experienced under 5 attacks per quarter |
| 8% | Percentage of spear phishing victims who experienced 26 or more attacks per quarter |
| 9% | Average click through rate across all simulated attacks |
| 64% | Organizations that measure the cost of phishing via loss of productivity among employees |
| 97% | Organizations that protect against breaches with email spam filters |
| 47% | Organizations that protect against breaches with advanced malware analysis tools |
| 44% | Organizations that protect against security breaches with outbound proxy protection |
| 31% | Organizations that protect against security breaches with URL wrapping |
| 95% | Organizations that train end users to identify phishing emails in 2017 |
| 54% | Information Security professionals who believe training helps reduce phishing susceptibility |
| 79% | Organizations that used computer based awareness training programs to train users on security |
| 68% | Organizations that used phishing simulation exercises to train users on security |
| 35% | Organizations that train users on phishing and security on a monthly basis |
| 25% | Infosec professionals who remove users’ access to system on account of repeatedly falling for phishing attacks |
| 5% | Infosec professionals who charge a monetary penalty from users on account of repeatedly falling for phishing attacks |
| 11% | Infosec professionals who terminate users on account of repeatedly falling for phishing attacks |
| 57% vs. 36% | Organizations in the US vs. the UK who experienced spear phishing campaigns in 2017 |
| 14% vs. 5% | Organization in the US vs. the UK who experienced data loss due to phishing in 2017 |
| 86% vs. 53% | Organizations in the US vs. the UK who assess their susceptibility to phishing attacks |
| 72% | Adults aged 55 and over who were able to successfully recognize phishing |
| 61% | Adults aged 18-29 years who were able to successfully recognize phishing |
| 9% | Average click-through rate for smishing (phishing over SMS) tests |
| 86% | Percentage of phishing attacks targeting people in the United States |
| 16.10% | Percentage of phishing attacks targeting payment services industry |
| 26.10% | Percentage of phishing attacks targeting email and online services |
| 2.30% | Percentage of phishing attacks targeting people in China |
| 0.50% | Percentage of phishing attacks targeting people in India |
| 80% | The percentage drop in phishing attacks targeting British organizations between 2014 and 2018 |
| 33% | Percentage of phishing attacks carried out through sites hosted on a HTTPS server |
| 19% | People polled in a survey who believed a green lock against a website in the browser meant that the website is safe |
| 56% | Percentage of phishing sites hosted in the United States |
| 121% | Percentage annual growth in the number of phishing sites hosted in India in 2017 |
| 1.50% | Percentage of phishing sites that were hosted on a .TK domain |
| 37% | Phishing sites that were hosted on a country TLD (ccTLD) |
Sources:
https://www.statista.com/statistics/420391/spam-email-traffic-share/
https://www.spamlaws.com/spam-stats.html
https://www.propellercrm.com/blog/email-spam-statistics
http://www.techradar.com/news/internet/computing/spam-gets-1-response-per-12-500-000-emails-483381
https://blog.barkly.com/phishing-statistics-2017
https://www.proofpoint.com/us/human-factor-2018?action
http://www.verizonenterprise.com/verizon-insights-lab/dbir/
https://www.proofpoint.com/sites/default/files/pfpt-us-tr-q117-threat-report.pdf
https://usa.kaspersky.com/about/press-releases/2018_fifa-2018-and-bitcoin-among-2017-most-luring-topics
https://blog.twitter.com/official/en_us/topics/company/2018/how-twitter-is-fighting-spam-and-malicious-automation.html
https://info.wombatsecurity.com/hubfs/2018%20State%20of%20the%20Phish/Wombat-StateofPhish2018.pdf?submissionGuid=2ecea77c-aa0d-404a-b0f4-030732e60a3a
https://info.phishlabs.com/hubfs/2018%20PTI%20Report/PhishLabs%20Trend%20Report_2018-digital.pdf
