Less than One-Quarter of Boards of Directors See Ransomware as a Top Priority

Despite 98% of organisations delivering security awareness training to staff, phishing attacks are an increasing problem
by Egress
Published on 2nd Mar 2022

London, UK – 02 March 2021 – Egress, the leading provider of intelligent email security, today released the findings of its 2022 Fighting Phishing: The IT Leader’s View survey, which found that only 23% of boards of directors consider ransomware to be their top priority. This is especially concerning because, according to the survey, 59% of organisations fell victim to ransomware and a staggering 84% of organisations were victims of phishing, while 98% of organisations deliver anti-phishing training.

New phishing and ransomware attacks continue to make headlines, and Colonial Pipeline, Kaseya, Conti, Log4j and more are still being heavily discussed. In addition, cybersecurity agencies from the United States and United Kingdom have recently issued statements that highlight the growing threat from the increasing sophistication of ransomware attacks. Egress’ 2022 Fighting Phishing: The IT Leader’s View survey confirmed that phishing and ransomware are creating a perfect storm and that there is a disconnect about the prioritisation of cybersecurity at the board level. With the growing threat in mind, ransomware and phishing should continue to be a top concern for all organisations as hackers become more sophisticated. Training and technology discussions need to be elevated.

The Egress Fighting Phishing: The IT Leader’s View survey was independently conducted by Arlington Research and polled 500 IT leaders across the U.S. and U.K. from a variety of industries, including financial services and legal. The results highlight the continued detrimental impact phishing attacks and ransomware can have on an organisation and the need to address the human-activated risk component created by people within an organisation. Key survey findings include:

  • 59% of organisations fell victim to ransomware, but only 23% of boards of directors consider it to be their top priority;
  • 98% of organisations deliver anti-phishing training to their teams; however,
  • 52% of organisations allocate less than one-quarter of their security budget to anti-phishing measures;
  • 84% of organisations were hit by phishing; 42% had credentials stolen;
  • 66% of organisations fell victim to business email compromise (BEC), which is sophisticated, dangerous, and very expensive; and
  • 70% of IT leaders say they have or would refuse a ransom demand.
  • Highlight on Financial Services: 70% of financial services firms experienced a ransomware attack in 2021. Average pay-out as a result of the attack was $91,230.

“Cybercriminals are continuing to leverage sophisticated social engineering attempts to catch users at a weak moment and gain access to the sensitive data they’re seeking. The results of this study show that cybersecurity training is limited in its effectiveness and it’s a big ask for people within an organisation to be constantly vigilant to phishing threats,” said Jack Chapman, Vice President of Threat Research at Egress. “It’s imperative that organisational leadership, including the board of directors, focus on what’s needed to provide the most effective cybersecurity protection for that organisation. That includes evaluating overall spend and what’s in the security stack, looking to intelligent technology to tackle sophisticated phishing attacks.”


About Egress

As advanced persistent threats continue to evolve, we recognize that people are the biggest risk to organizations’ security and are most vulnerable when using email.

Egress is the only cloud email security platform to continuously assess human risk and dynamically adapt policy controls, preparing customers to defend against advanced phishing attacks and outbound data breaches before they happen. Leveraging contextual machine learning and neural networks, with seamless integration using cloud-native API architecture, Egress provides enhanced email protection, deep visibility into human risk, and instant time to value.

Trusted by the world’s biggest brands, Egress has offices in London, Sheffield, Cheltenham, New York, Boston, and Toronto. In April 2024 KnowBe4, the provider of the largest security awareness training and simulated phishing platform, entered into a definitive agreement to acquire Egress.