As we enter National Cybersecurity Awareness Month; cyber-related fraud offences are on the rise in the UK. Cyber-related incidents made up 61% of fraud offences in the year ending March 2022; compared to 53% in the year ending March 2020 – and overall computer misuse increased by 89%.
Women made up the majority of individuals who reported cyber-dependent crime to the National Fraud Intelligence Bureau in 2022; data shows.
Almost half (47%) of reports came from women; one in three (30%) were from men and the remaining individuals did not disclose their gender.
The data also showed that 25-44 year olds are the most likely to receive a phishing message – but 35-44 year olds are most likely to click it.
{{snapshot}}
Phishing fraud by the numbers
- 61% of UK fraud offences were cyber-related in the year ending March 2022, up from 53% in 2020.
- Computer misuse increased by 89% over the same period.
- Women filed 47% of cyber-dependent crime reports to the NFIB in 2022; men filed 30%.
- 25-44 year olds are most likely to receive a phishing message, but 35-44 year olds are most likely to click it.
{{/snapshot}}
Who Is Most Likely To Be Targeted?
A survey from the Office for National Statistics revealed that 35-44 year olds are the most likely age group to be targeted by phishing attacks; with the 25-34 year old age group not far behind.
60% of 35-44 year olds and 58% of 25-34 year olds reported having received a message that may have been phishing; while 5% of 35-44 year olds said they had either replied to or clicked on a link; compared to 2% of 25-34 year olds.
Aiming to raise awareness of phishing for National Cyber Security Month in October; we used the data to build a profile of those most likely to be targeted by phishing.

Fraudsters’ Ideal Phishing Target
- 25-44 years old
- Employed
- Female
- Private renter or homeowner
- Lives in one of the least deprived areas of England
However; the profile for victims of successful phishing attempts was slightly different; with higher percentages of these groups saying they had replied to or clicked a link in a potential phishing message.
Most Likely Phishing Victims
| Attribute | Ideal phishing target | Most likely victim |
|---|---|---|
| Age | 25-44 years old | 35-44 years old |
| Gender | Female | Female |
| Employment | Employed | — |
| Housing | Private renter or homeowner | Social renter |
| Area | One of the least deprived areas of England | One of the most deprived areas of England |
Additionally; over half (54%) of survey respondents had received a message from a fraudster pretending to be from a delivery company; 32% from banks or other financial institutions; and 29% from e-commerce companies.
Cybersecurity For Individuals
Zoe Grylls; customer success manager lead at Hicomply; said: “Cyber criminals rely on creating a sense of urgency; so there are some key things that employees can look out for to recognise a phishing attempt. Is the subject line alarming? Is the content designed to evoke emotion? Curiosity; fear; greed and helpfulness are all used to create urgency so the recipient takes action immediately.
“You might be asked to click on something or give your details to avoid a negative consequence; such as missing an important delivery. As the UK cost of living crisis continues; we’re also more likely to see fraudsters posing as utility companies or other service providers. Money is a huge motivator so be careful and check the information in the message matches with the official information on a company’s website.”
{{snapshot}}
Protecting your business
- Finance was the most-targeted industry in Q1 2022, hit by 23.6% of phishing attacks worldwide.
- SaaS and webmail followed at 20.5%, with e-commerce and retail at 14.6%.
- Invest in training: run regular simulated phishing attacks and use tools like KnowBe4 or Cofense.
- Phishing and its variants were the most reported cyber crime worldwide in 2021, with 324,000 reports.
{{/snapshot}}
Cybersecurity For Businesses
The finance industry was the most targeted in phishing attempts in the first quarter of 2022; seeing almost a quarter (23.6%) of total phishing attacks recorded worldwide. This was followed by software as a service (SaaS) and webmail at 20.5% and e-commerce and retail at 14.6%.
Zoe said: “For businesses; it’s important to invest in training. Run regular simulated phishing attacks; with targeted training if needed. Assess your organisational security awareness and use the results to decide on future training modules for your staff. You can also use tools from dedicated cybersecurity businesses like KnowBe4 or Cofense; which provides a phishing alert button employees can use to flag suspicious emails – you can then blacklist those reported email addresses if they are potentially harmful senders.”
Research company Statista found that phishing and its variations (smishing; vishing and pharming) were the most commonly reported cyber crimes worldwide in 2021; with 324;000 reports. This was almost four times the amount of non-payment/non-delivery reports; the second most commonly reported cyber crime with 82;500 reports.
Methodology
- To raise awareness of National Cybersecurity Awareness month; researchers at Hicomply wanted to identify individuals most likely to be targeted by phishing attacks
- They looked at data from the Office for National Statistics and National Fraud Investigation Bureau (see sources below).
- Experts at the business based the profile of a person most likely to be targeted on the percentage of survey respondents that indicated they had received a message which could be phishing:
- 59% - 25-44 years old
- 56% - employed (vs 39% unemployed)
- 52.5% - private renter or homeowner
- 56% - live in one of the 20% least deprived areas of England)
- And percentage of NFIB-reported cyber dependent crime victims (47% female) from 1 Jan 2022-28 Sept 2022.
- Experts based the profile of a person most likely to fall victim to a phishing attack on the percentage of respondents that indicated they had clicked or replied to a potential phishing message:
- 5% - 35-44 years old
- 7% - social renter
- 5% - live in one of the 20% most deprived areas of England
- And percentage of NFIB-reported cyber dependent crime victims (47% female) from 1 Jan 2022-28 Sept 2022.
Sources
- ONS - Phishing attacks: who is most at risk?
- ONS - Nature of fraud and computer misuse in England and Wales (year ending March 22)
- NFIB - Crime reporting dashboard
- Statista - Commonly reported types of cyber crime
- Statista - Websites most affected by phishing
{{snapshot}}
Hicomply's take
For Hicomply, Go Phish? How To Avoid Falling Foul Of Fraudsters is a reminder that compliance has to work continuously, not just when an audit or customer review appears. Keep ownership clear, collect evidence as work happens, and use automation so the same work can support ISO 27001 and other frameworks; our platform tour shows how that operating model fits together.
{{/snapshot}}






%20(1).png)
%20(1).png)
