Phishing Insights 2021


Make the most of our partner marketing campaign to reveal the current state of phishing and cybersecurity user education based on a survey of 5,400 IT professionals.

Phishing is still an effective cyberattack technique because it constantly evolves. To keep up, your phishing defenses need to evolve too.

Our new report, Phishing Insights 2021, reveals the state of phishing and cybersecurity user education based on an independent survey of 5,400 IT professionals. Use it to evaluate your customers’ phishing security posture and identify opportunities to evolve their defenses.

It also provides a real-world case study of a phishing email that led to a multi-million dollar ransomware attack.

Phishing means different things to different people

What is phishing? One of the findings from the survey is that even among IT professionals there is wide variation in what people consider to be a phishing attack. The most common understanding is emails that falsely claim to be from a legitimate organization, usually combined with a threat or request for information. While this was the most popular answer, fewer than six in ten (57%) respondents selected this option, illustrating how broadly the term ‘phishing’ is understood.

46% of respondents consider Business Email Compromise (BEC) attacks to be phishing, while over a third (36%) understand phishing to include threadjacking, i.e. when attackers insert themselves into a legitimate email thread as part of an attack.


With this extensive variation in understanding of phishing attacks among IT professionals, it’s reasonable to expect a similar or greater range of interpretations among non-IT employees.

This is a useful reminder to be mindful of the different interpretations of the word ‘phishing’ when providing educational resources and user awareness training. Without the correct context, the training will be less effective.

Phishing has increased since the pandemic

70% of survey respondents reported an increase in phishing attacks on their organization since the start of the pandemic. All sectors were affected, with central government experiencing the highest increase (77%), closely followed by business and professional services (76%) and healthcare (73%).

Fortunately, 98% of organizations had their phishing awareness program in place before COVID-19 hit. Thanks to these programs, employees will have been well placed to withstand the barrage of phishing emails over the last year.

While this is good news, it’s also a reminder to regularly review and update phishing awareness materials and activities to keep them fresh and relevant.

Case study: From phish to multi-million-dollar ransomware attack

Invariably, phishing is just one part of a cyberattack. When a victim falls for a phish, it sets off a chain of events that can lead to a devastating attack many weeks or months later.

The Sophos Rapid Response team was recently called in to assist a company experiencing a major ransomware attack that started with a phishing email. As the timeline shows, three months passed between the initial phish and the release of the ransomware payload, with multiple adversaries playing different roles in the attack.

Read the full report

Download the full Phishing Insights 2021 report to dive deeper into the state of phishing and cybersecurity user education, and the timeline of this attack.

Get AI-powered phishing protection with Sophos Email

Sophos Email has multiple layers of technology to protect your users’ inboxes from phishing, and is managed from the same Sophos Central platform as our other next-gen solutions – learn more.

Educate your customers

Leverage our marketing campaign, consisting of the Phishing Insights 2021 report, promotional emails, an infographic and a presentation deck, to educate your customers.

Access partner marketing campaign assets