King County phishing test to protect data and files 

Every day, cybercriminal make phishing attempts against King County employees. Some are successful. To help protect critical data and files, KCIT cybersecurity recently sent out simulated emails recently to test our defenses.  

KCIT sent 14,523 simulated phishing emails out. Each employee received one simulated phishing emailOf those, 2,546 emails (17.5%) were opened, and 82.5% were not opened. 

Of those 2,546 opened emails:  

  • 1,349 employees (53.1%) took an unsafe cyber action, while 46.9% did the right thing  and took no unsafe actions. 
  • 495 employees (3.4%) clicked on a link in the email they received, and 96.6% did not. 
  • 126 employees (.9%) replied to the phishing email, and 99.1% did not reply. 
  • 549 employees (3.8%) opened the attachment, and 96.2% did not open the attachment. 
  • 179 employees (1.2%) provided their security credentials, and 98.8% did not provide their login/password credentials. 

Statistically, governmental groups without any cybersecurity training typically show a percentage of 26% unsafe actions in such tests. After one year of cybersecurity training, the overall percentage rate drops to about 6%. 

King County’s overall percentage of users who fell for this simulated attack was 9.3%. The goal is to reduce this number to less than 6% through training and simulations. Thank you for your cooperation, and let’s keep up the good work. For questions, contact the KCIT Help Desk at 206-263-4357 or submit a Help Desk ticket.