APAC workers in need of phishing training: report
One in three employees at companies in Australia and New Zealand is likely to engage with a phishing attempt before receiving any phishing awareness training, research from KnowBe4 indicates. But the workforce security company’s 2026 Phishing by Industry Benchmarking Report found that a year of comprehensive security awareness training can reduce phishing susceptibility among these employees by 84%.
A survey of employees across the region and internationally found that large ANZ enterprises are more exposed to phishing attacks, with employees at these companies having a baseline phish-prone percentage of 54.5%, compared to 24.6% for small businesses.
But within 90 days of training, these figures fall to 16.7% for large enterprises and 23.9% for smaller companies. After at least a year of ongoing training, employees at large enterprises are less likely to fall for phishing attempts than their counterparts at smaller companies, at 4.3% to 5.7%. But the report states that reaching and sustaining that threshold requires continuous simulation and remediation instead of merely annual compliance exercises.
The two most vulnerable industries are banking (62%), and health care and pharmaceuticals (41%), and these are among the highest figures of any comparable sector globally, the report found.
KnowBe4 APAC CISO Advisor Dr Kawin Boonyapredee said these findings are a cause for concern.
“As organisations in Australia and New Zealand expand their workforce from humans to include autonomous AI agents, the attack surface grows in ways traditional controls were not designed to address,” he said. “This complexity is being exploited, evidenced by a 17% spike in phishing attacks since late 2025 alone. However, the data proves organisations can combat this through continuous personalised training, which drops employee phishing susceptibility to 5.3% over 12 months.”
The report was compiled based on 42 million phishing simulations across 14.8 million users at 64,000 organisations worldwide.
Critical vulnerabilities doubled in past year: report
Research published by Check Point indicates that critical vulnerabilities have doubled since last...
DigiCert launches Quantum Central tool
DigiCert's recently launched Quantum Central solution can help security and IT teams prepare...
BeyondTrust launches beta solution for taming AI agents
BeyondTrust's in-beta AI Agent Security is designed to prevent AI coworkers and autonomous...
