Cofense Report Reveals 10 Percent of User-Reported Emails Across Key Industries are Malicious, Over Half Tied to Credential Phishing



The 2018 State of Phishing Defense Report highlights top phishing email subjects and industries most susceptible and resilient to phishing attacks

Leesburg, VA – October 11, 2018 – Cofense™, the leading provider of human-driven phishing defense solutions worldwide, today released the findings of their report, “The State of Phishing Defense 2018: Susceptibility, Resiliency, and Response to Phishing Attacks,” which reveals today’s top phishing attacks and how companies can effectively manage those risks.

Recent industry reports show that email delivers a staggering 92% of malware [1] and by the end of 2017 the average email user received 16 malicious emails per month. [2] While it’s impossible to completely eliminate phishing and email-based threats, organizations look to minimize the risk associated with those threats. The Cofense report features real and simulated threat findings generated from their internal research teams and across a sampling of their global customer base; real data from 1,400 customers in 50 countries and 23 major industries, including half of the Fortune 100.

Overall, Cofense analyzed more than 135 million phishing simulations, 800,000 reported emails and nearly 50,000 real phishing campaigns targeting organizations in 23 industries ranging from healthcare and financial services to manufacturing. The findings highlighted that thus far in 2018, one in ten reported emails was verified as malicious and more than half of those were tied to credential phishing, where a fraudulent email attempts to gather login and system information from users.

Other key findings include:

  • 21 percent of reported crimeware emails contained malicious attachments.
  • The term “Invoice” is one of the top phishing subjects and appeared in six of the ten most effective phishing campaigns in 2018.
  • The overall resiliency rate of users has grown over the past four years, thanks in part to a big increase in the reporting rate (6 percent, up from 14 percent three years ago).
  • Companies in the utilities and energy industries built up the most resiliency to phishing over time, but all industries considered critical infrastructure still have work to do.

“We founded Cofense on the principle that the human element, the users who are targeted, are a critical factor in defending against phishing threats,” said Aaron Higbee, Co-founder and CTO of Cofense. “We see phishing emails bypass technology controls every day and more and more end-users recognizing and reporting these threats that slipped past million-dollar defenses. The results of our research detailed in the ‘State of Phishing Defense’ show that resiliency is building across key industries thanks to those same people that were once deemed as the weakest links in an organization. These trends are powerful and reinforce that humans are a key element to a successful security program.”

The full report is available for download here:

Report Methodology

Cofense correlated customer simulation data with real attack data seen in Cofense’s Phishing Defense Center, a managed service that analyzes thousands of reported phishing emails every day. Findings were fortified by the insights of Cofense Intelligence™, which collects millions of malicious emails daily and performs human analysis on thousands of real phishing campaigns per month.

About Cofense

Cofense™, formerly PhishMe®, is the leading provider of human-driven phishing defense solutions worldwide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches. Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise. To learn more, visit

Media Contact

Nick Lagalante

Global Corporate Communications



P: +1.571.393.2403



  1. Verizon, Data Breach Investigations Report, 2018.
  2. Symantec, Internet Security Threat Report, 2018.
