Less than One-Quarter of Board of Directors See Ransomware as a Top Priority

Egress | 2nd Mar 2022

London, UK – 02 March 2021 – Egress, the leading provider of intelligent email security, today released the findings of its 2022 Fighting Phishing: The IT Leader’s View survey, which found only 23% of Board Directors consider ransomware to be their top priority. This is especially concerning because, according to the survey, 59% of organizations fell victim to ransomware and a staggering 84% of organizations were victims of phishing, while 98% of organizations deliver anti-phishing training.

New phishing and ransomware attacks continue to make headlines, and Colonial Pipeline, Kaseya, Conti, Log4j and more are still being heavily discussed. Furthermore, cybersecurity agencies from the United States and the United Kingdom have recently issued statements that highlight the growing threat from the increasing sophistication of ransomware attacks. The Egress 2022 Fighting Phishing: The IT Leader’s View survey confirmed that phishing and ransomware are creating a perfect storm and that there is a disconnect over the prioritization of cybersecurity at the Board level. With the growing threat in mind, ransomware and phishing should continue to be a top concern for all organizations as hackers become more sophisticated. Training and technology discussions need to be elevated.

The Egress Fighting Phishing: The IT Leader’s View survey was independently conducted by Arlington Research and polled 500 IT leaders across the U.S. and U.K. from a variety of industries, including financial services and legal. The results highlight the continued detrimental impact phishing attacks and ransomware can have on an organization and the need to address the human-activated risk component created by people within an organization. Key survey findings include:

  • 59% of organizations fell victim to ransomware, but only 23% of boards of directors consider it to be their top priority;
  • 98% deliver anti-phishing training to their teams; however, 52% allocate less than one-quarter of their security budget to anti-phishing measures;
  • 84% were hit by phishing; 42% had credentials stolen;
  • 66% fell victim to business email compromise (BEC), which is sophisticated, dangerous, and very expensive; and
  • 70% of IT leaders say they have refused or would refuse a ransom demand.
  • Highlight on Financial Services: 70% of financial services firms experienced a ransomware attack in 2021. The average pay-out as a result of the attack was $91,230.

“Cybercriminals are continuing to leverage sophisticated social engineering attempts to catch users at a weak moment and gain access to the sensitive data they’re seeking. The results of this study show that cybersecurity training is limited in its effectiveness and it’s a big ask for people within an organization to be constantly vigilant to phishing threats,” said Jack Chapman, Vice President of Threat Research at Egress. “It’s imperative that organizational leadership, including the board of directors, focus on what’s needed to provide the most effective cybersecurity protection for that organization. That includes evaluating overall spend and what’s in the security stack, looking to intelligent technology to tackle sophisticated phishing attacks.”

 

About Egress

As advanced persistent threats continue to evolve, we recognize that people are the biggest risk to organizations’ security and are most vulnerable when using email.

Egress, a KnowBe4 company, is the only cloud email security provider to continuously assess human risk and dynamically adapt policy controls, preparing customers to defend against advanced phishing attacks and outbound data breaches before they happen. Leveraging contextual machine learning and neural networks, with seamless integration using cloud-native API architecture, Egress provides enhanced email protection, deep visibility into human risk, and instant time to value.