
Less than One-Quarter of Board of Directors See Ransomware as a Top Priority

Despite 98% of Organisations Delivering Security Awareness Training To Staff, Phishing Attacks are An Increasing Problem
Published on 2nd Mar 2022

London, UK – 02 March 2021 – Egress, the leading provider of intelligent email security, today released the findings of its 2022 Fighting Phishing: The IT Leader’s View survey, which found only 23% of boards of directors consider ransomware to be their top priority. This is especially concerning as, according to the survey, 59% of organisations fell victim to ransomware and a staggering 84% of organisations were victims of phishing, while 98% of organisations deliver anti-phishing training.

New phishing and ransomware attacks continue to make headlines, and Colonial Pipeline, Kaseya, Conti, Log4j and more are still being heavily discussed. In addition, cybersecurity agencies from the United States and United Kingdom have recently issued statements that highlight the growing threat from the increasing sophistication of ransomware attacks. Egress’ 2022 Fighting Phishing: The IT Leader’s View survey confirmed that phishing and ransomware are creating a perfect storm and that there is a disconnect over the prioritisation of cybersecurity at the board level. With the growing threat in mind, ransomware and phishing should continue to be a top concern for all organisations as hackers become more sophisticated. Training and technology discussions need to be elevated.

The Egress Fighting Phishing: The IT Leader’s View survey was independently conducted by Arlington Research and polled 500 IT leaders across the U.S. and U.K. from a variety of industries, including financial services and legal. The results highlight the continued detrimental impact phishing attacks and ransomware can have on an organisation and the need to address the human-activated risk component created by people within an organisation. Key survey findings include:

  • 59% of organisations fell victim to ransomware, but only 23% of boards of directors consider it to be their top priority;
  • 98% of organisations deliver anti-phishing training to their teams, however;
  • 52% of organisations allocate less than one-quarter of their security budget to anti-phishing measures;
  • 84% of organisations were hit by phishing; 42% had credentials stolen;
  • 66% of organisations fell victim to business email compromise (BEC), which is sophisticated, dangerous, and very expensive; and
  • 70% of IT leaders say they have or would refuse a ransom demand.
  • Highlight on Financial Services: 70% of financial services firms experienced a ransomware attack in 2021. Average pay-out as a result of the attack was $91,230.

“Cybercriminals are continuing to leverage sophisticated social engineering attempts to catch users at a weak moment and gain access to the sensitive data they’re seeking. The results of this study show that cybersecurity training is limited in its effectiveness and it’s a big ask for people within an organisation to be constantly vigilant to phishing threats,” said Jack Chapman, Vice President of Threat Research at Egress. “It’s imperative that organisational leadership, including the board of directors, focus on what’s needed to provide the most effective cybersecurity protection for that organisation. That includes evaluating overall spend and what’s in the security stack, looking to intelligent technology to tackle sophisticated phishing attacks.”

 

About Egress

Our mission is to eliminate the most complex cybersecurity challenge every organisation faces: insider risk. We understand that people get hacked, make mistakes, and break the rules. To prevent these human-activated breaches, we have built the only Human Layer Security platform that defends against inbound and outbound threats. Using patented contextual machine learning we detect and prevent abnormal human behaviour such as misdirected emails, data exfiltration, and targeted spear-phishing attacks.

Used by the world’s biggest brands, Egress is private equity backed and has offices in London, New York, and Boston.