• Home
  • /
  • Security
  • /
  • Survey: What makes you more likely to click on a phishing email?

Survey: What makes you more likely to click on a phishing email?

By Alison Job
Johannesburg, 17 Oct 2022
Anna Collard, SVP of content strategy and evangelist at KnowBe4 Africa.
Anna Collard, SVP of content strategy and evangelist at KnowBe4 Africa.

ITWeb, in partnership with KnowBe4, conducted a survey on cyber stress and wellness during August 2022. The objective of the survey was to assess how a changing environment is impacting IT professionals and corporate workers, and whether mental stress and burnout are increasing cyber risk. 

According to a VMWare survey, more than half (51%) of cyber security and technology professionals have felt extremely stressed and burnt out in recent months. Stress, burnout and distractions can make staff more likely to fall prey to social engineering tactics such as phishing, which remains the number one way for attackers to access corporate networks. 

The ITWeb/KnowB4 survey aimed to shed some light on the status quo for South African technology professionals compared to their international counterparts, as well as if things have improved or changed since the pandemic. 

Anna Collard, SVP Content Strategy and Evangelist, KnowBe4 Africa, says, “The survey outcomes clearly show that distraction, multi-tasking and stress significantly and negatively impact people’s online security behaviour.”

Three quarters of survey respondents (73%) said that their security and IT teams were stressed. Only 4% said their security and IT teams weren’t stressed at all. Just under half of respondents (46%) said they felt a moderate amount of stress themselves.

A third of respondents (34%) said they were under a high amount of stress and 13% said they were under very high levels of stress. 

Most people (72%) agreed that remote working had positively affected their wellbeing, while 16% said they felt it had made no difference. 

The majority of respondents (82%) said staff mental health and wellbeing was important in their organisation. 

The number one reason for people making security mistakes, such as clicking on a phishing email, was cited as lack of awareness or training (52%), followed by distraction, multitasking and cognitive overload (38%) and stress or feeling overworked or overwhelmed (36%). 

Three quarters of survey respondents (73%) said that their security and IT teams were stressed.

Seventy percent of respondents said that the most effective way to improve their company's security culture would be more security awareness and training. This was followed by in-the-moment training such as phishing simulations (54%), offering people mindfulness tools and training to be less distracted (49%) and behaviour-based monitoring and interventions (49%). 

Gaining more senior management support was ticked by 26% of respondents. 

To cope with the demands of work and stress, respondents are using the activities listed below:

  • Exercise (57%)
  • Prioritising rest and sleep (54%)
  • Connecting with friends and family (54%)
  • Spending time outside in nature (49%)
  • Setting up boundaries (37%)
  • Mindfulness practices such as Yoga and/or meditation (25%) 

Collard says, “In South Africa, the month of October has been declared Mental Health Awareness month. October also marks the international cybersecurity awareness month. And it makes sense to combine these two initiatives and consider a mindfulness approach to improve people’s overall well-being as well as the organisational security culture.“ 

“Techniques such as slowing down, tapping into your senses, becoming aware of your breath or simply taking a walk in nature are all known to help us calm down and improve concentration and overall performance. It will also make us less susceptible to social engineering attacks such as clicking on phishing emails or falling for other online scams. So take that breath, slow down and relax before working on your emails.”