Education Phishing Statistics

89% of schools experienced at least one cyber incident in the past year, primarily phishing, unauthorized access, and malware.

92% of school IT leaders expect AI-powered phishing to be the most dangerous threat in the coming year

20% of education institutions reported that they haven’t experienced AI-generated phishing attempts or misinformation campaigns.

36% of education institutions responded 'Not that I know of' when asked about AI-generated phishing attempts or misinformation campaigns.

30% of education institutions reported that AI-generated phishing attempts or misinformation campaigns were contained quickly.

41% of schools said they have faced phishing, misinformation and other disruptive efforts.

11% of education institutions reported that AI-generated phishing attempts or misinformation campaigns caused disruption.

For large organisations, the average Phish Prone Percentage (PPP) after one year of sustained training dropped to 4.9%.

After 90 days of training and simulated phishing tests, the Phish Prone Percentages (PPPs) for the education sector reduced to 19%, 19.4%, and 18% respectively for small, medium, and large organisations.

After one year or more of sustained training, the average Phish Prone Percentage (PPP) for small institutions dropped dramatically to 3.9%.

For medium sized organisations, the average Phish Prone Percentage PPP after one year of sustained training dropped to 5.2%.

KnowBe4's 2024 Phishing by Industry Benchmarking Report found that in the education sector specifically, the baseline PPP (Phish Prone Percentage) for small organisations (1-249 employees) was 33.4%.

HTML attachments make up 82% of malicious email attachments in the education sector

The median time to click on a malicious link after the email is opened is 21 seconds.

It takes only another 28 seconds to enter the data after clicking a malicious link.

For education institutions with 250-999 employees, the baseline Phish Prone Perecentage (PPP) was 31.2%.

For large educational institutions with more than 1,000 employees the baseline Phish Prone Percentage (PPP) was 31.7%.