The 2024 State of the Phish report by Proofpoint highlighted the prevalence of ransomware incidents and the challenges organizations face in dealing with them.

Description

Proofpoint's 2024 State of the Phish report, the tenth annual edition, found that 69% of organizations experienced a successful ransomware infection during 2023, and nearly 60% of those reported more than one attack [1]. Over half of the infected organizations paid a ransom, but only 41% regained access to their data after the first payment [1]. Cybereason research cited in the same coverage found that 78% of organizations that paid were attacked again afterwards [1]. Paying therefore neither reliably restores data nor ends the incident.

Multifactor authentication (MFA) bypass techniques, in particular reverse-proxy phishing kits that sit between the victim and the real login page and relay the session in real time, are on the rise [1]. Despite this, 89% of surveyed security professionals still believe MFA offers complete protection [1]. The caveat a practitioner should draw from this is that a one-time code or push approval the user supplies to a proxied page is captured and forwarded within its validity window, so that style of MFA defeats password reuse and credential stuffing but not proxy-based phishing; only authenticators that bind their response to the genuine origin resist it.

Social engineering tactics continue to evolve: QR-code phishing, Business Email Compromise (BEC), for which generative AI lowers the cost of convincing lures [1] [3], and telephone-oriented attack delivery (TOAD), in which fraudulent call centres talk employees into handing over credentials or remote access [2] [3]. Many organizations are unprepared for TOAD attacks, with only 23% educating users on recognizing and preventing them.

Risky security behaviour is common: 71% of working adults admit to taking risky actions for convenience or to save time [1], and 68% of employees knowingly put their organizations at risk, leading to ransomware, malware infections, data breaches and financial loss [2] [3]. The report challenges the belief that such actions stem solely from a lack of cybersecurity knowledge, pointing instead to a gap between security technology and user education [2] [3]; 74% of breaches involve the human element [3]. Its conclusion is that awareness and training efforts must aim at behaviour change rather than knowledge transfer alone [1] [2].

While successful phishing attacks declined slightly, the consequences of those that succeeded grew, with a 144% rise in financial penalties and a 50% increase in reputational damage [2] [3].
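The relay behaviour described above, as an added, deliberately simplified illustration that is not code from the report or from any of the cited articles. It assumes a constructed TOTP seed, device key, challenge and origins; the "origin-bound" scheme is an HMAC stand-in for how FIDO2/WebAuthn binds an assertion to the origin the browser is actually on, not a WebAuthn implementation. The TOTP function itself follows RFC 6238.

```python
import base64
import hashlib
import hmac
import struct

# All values below are constructed for this example.
TOTP_SEED = base64.b32decode("JBSWY3DPEHPK3PXP")  # shared by the user's app and the real service
DEVICE_KEY = b"constructed-device-key"            # key held by an origin-bound authenticator
REAL_ORIGIN = "https://login.example.com"
PHISH_ORIGIN = "https://login.example.com.evil-proxy.test"  # attacker's reverse proxy


def totp(seed: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def server_verify_totp(code: str, now: int) -> bool:
    """The real service: accepts any code valid for the current step."""
    return hmac.compare_digest(code, totp(TOTP_SEED, now))


def authenticator_sign(challenge: bytes, origin: str) -> tuple[str, bytes]:
    """Origin-bound authenticator: the browser, not the user, supplies the
    origin it is really talking to, and the signature covers challenge + origin."""
    sig = hmac.new(DEVICE_KEY, challenge + origin.encode(), hashlib.sha256).digest()
    return origin, sig


def server_verify_origin_bound(challenge: bytes, origin: str, sig: bytes) -> bool:
    """The real service: rejects any origin but its own, then checks the signature."""
    if origin != REAL_ORIGIN:
        return False
    expected = hmac.new(DEVICE_KEY, challenge + origin.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)


# --- Scenarios: what an adversary-in-the-middle proxy can and cannot relay ---

def aitm_relay_totp(now: int) -> bool:
    """Victim types a live TOTP code into the proxied page; the proxy forwards
    it to the real service a few seconds later, still inside the 30 s step."""
    captured = totp(TOTP_SEED, now)
    return server_verify_totp(captured, now + 5)


def aitm_relay_origin_bound(challenge: bytes) -> bool:
    """Proxy forwards the real challenge, but the victim's browser is on the
    phishing origin, so the assertion names PHISH_ORIGIN and is rejected."""
    origin, sig = authenticator_sign(challenge, PHISH_ORIGIN)
    return server_verify_origin_bound(challenge, origin, sig)


def aitm_rewrite_origin(challenge: bytes) -> bool:
    """Proxy rewrites the origin field to REAL_ORIGIN in transit; the
    signature no longer matches because it was computed over PHISH_ORIGIN."""
    _, sig = authenticator_sign(challenge, PHISH_ORIGIN)
    return server_verify_origin_bound(challenge, REAL_ORIGIN, sig)


def legitimate_origin_bound(challenge: bytes) -> bool:
    """Control case: the user really is on the genuine login page."""
    origin, sig = authenticator_sign(challenge, REAL_ORIGIN)
    return server_verify_origin_bound(challenge, origin, sig)


if __name__ == "__main__":
    now = 1_700_000_000  # fixed so the relay stays inside one TOTP step
    print("TOTP relayed through AiTM proxy accepted:      ", aitm_relay_totp(now))
    print("Assertion signed at phishing origin accepted:  ", aitm_relay_origin_bound(b"nonce-1"))
    print("Assertion with rewritten origin accepted:      ", aitm_rewrite_origin(b"nonce-1"))
    print("Assertion signed at real origin accepted:      ", legitimate_origin_bound(b"nonce-1"))
```

The point of the two failing scenarios is that the proxy never obtains anything it can reuse: the signature is valid only for the origin the browser reported, and the real service will not accept a foreign origin. The TOTP scenario succeeds because nothing in a six-digit code ties it to where the user typed it.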

Conclusion

The impact of ransomware incidents on organizations is significant, with financial loss, data breaches and reputational damage all on the rise [2] [3]. Because paying rarely restores data and frequently precedes a second attack [1], and because most breaches involve a human action [3], reducing risky security behaviour through behaviour-focused training is central to addressing the evolving threats posed by cybercriminals. The effectiveness of future awareness and education efforts will be a key factor in strengthening defenses against ransomware and other malicious attacks.

References

[1] https://www.infosecurity-magazine.com/news/orgs-inected-ransomware-2023/
[2] https://www.proofpoint.com/us/newsroom/press-releases/proofpoints-2024-state-phish-report-68-employees-willingly-gamble
[3] https://www.morningstar.com/news/globe-newswire/9053789/proofpoints-2024-state-of-the-phish-report-68-of-employees-willingly-gamble-with-organizational-security