Understanding Phishing Reporting Motivations in Organizations

Recent studies highlight the challenges organizations face in encouraging employees to report phishing emails. A 2024 study indicated that factors such as low perceived value and privacy concerns hinder reporting. SoSafe's Adaptive Defence Playbook revealed that 42% of security professionals believe reporting mistakes is limited, with 23% citing fear of consequences as a barrier. The research from a European university identified 21 themes influencing reporting behavior, emphasizing the desire to protect the organization and coworkers as primary motivators. Employees are more likely to report well-impersonated emails, showcasing their ability to assess phishing threats. Understanding these motivations can help improve reporting processes and enhance organizational security culture.

Key Points: • Low reporting rates can indicate employee hesitation or lack of perceived value in reporting. • Primary motivators for reporting phishing emails include a desire to protect the organization and coworkers. • Improving the reporting process can enhance employee engagement and security culture.