KnowBe4 surveyed employees around the world to gauge their confidence in spotting phishing

Many confident people have also fallen victim in the past

Education and transparency are key to combating phishing, researchers said

Despite being confident in their ability to spot phishing, many employees still fall for such scams, new research has claimed.

A report from KnowBe4 warns about “misplaced confidence” which can cause even more problems for businesses, showing almost all (86%) of respondents believe they can confidently identify phishing emails.

Yet more than half (53%) fell victim to some form of social engineering scams: 24% fell for a phishing attack, 17% were tricked by a social media scam, and 12% were tricked by a deepfake scam.

High confidence often leads to victimization

Employees in South Africa lead the way in both the highest confidence levels and highest scam victimization rate (68%), KnowBe4 explains, hinting that misplace confidence can create a false sense of security.

At the other end of the spectrum are UK employees, who reported the lowest scam victim rate (43%). However, this figure too is down 5% compared to 2021, indicating that vulnerability is rising even in regions with historically high confidence levels.

Training is paramount to combating phishing and social engineering, KnowBe4 says, adding that “fostering a transparent security culture” is equally important. While more than half (56%) of employees feel “very comfortable” reporting security concerns, 1 in 10 still hesitate, either out of fear, or uncertainty.

“The Dunning-Kruger effect, which is a cognitive bias where people overestimate their ability, is alive and well in cybersecurity,” commented Anna Collard, SVP Content Strategy & Evangelist at KnowBe4.

“This overconfidence fosters a dangerous blind spot - employees assume they are scam-savvy when, in reality, cybercriminals can exploit more than 30 susceptibility factors, including psychological and cognitive biases, situational awareness gaps, behavioral tendencies, and even demographic traits.”