When companies are investigating the weak points in their cyber defenses, they must look beyond their IT infrastructure. In most cases, an organization’s biggest security vulnerability does not stem from the machines on its network, but from people on the payroll. And because this is common knowledge to threat actors, social engineering attacks that target employees generally constitute a bigger threat to businesses than cyber campaigns that directly attack computer systems.

Every thirty seconds, a phishing attack occurs somewhere in the world. That comes down to 120 attacks per hour. Industry research doesn’t just show that phishing is incredibly common, but also highlights how costly it is, with losses from a single attack averaging $8,850. This means that every hour, $1,062,000(!) is lost to phishing. Even though this makes phishing a massive threat to companies, a recent report shows that over one third (35%) of employees don’t even know what it is.