While other cyber attacks have become more advanced in a technical sense, phishing has grown more advanced and sophisticated. "Phishing” can mean different things to different people, but we use the term in a general sense. In the context of this report, phishing encompasses all socially engineered emails, regardless of the specific malicious intent (such as directing users to dangerous websites, distributing malware, collecting credentials and so on).

Most vulnerable and high risk institutions are financial and healthcare, targeted heavily since the COVID-19 pandemic.

The report takes an in-depth look at user awareness, vulnerability, and resilience.