Cybersecurity company Egress has released its second eMail security risk report. The report contains new data on phishing attacks, data loss prevention, and concerns about technical defences’ ability to detect and prevent advanced threats within Microsoft 365 environments.
Jack Chapman, VP of threat intelligence at Egress, said: “The 2024 Email Security Risk Report is an essential read for all cybersecurity professionals and ultimately a tool to help teams assess their inbound and outbound defences. What has been staggering is the emergence of trends alongside the 2023 edition of the Email Security Risk Report; for example, 94 per cent of respondents fell victim to phishing attacks, up 2 per cent from the previous year. Organisations continue to face vulnerabilities when it comes to advanced phishing attacks, human error, and data exfiltration, and analysing emerging trends will be key to bolstering defences.
“The report also highlights how Cybersecurity leaders know that they’re vulnerable when it comes to phishing attacks. 58 per cent have experienced account takeover incidents in the last 12 months, and 79 per cent of these started with a phishing email that harvested an employee’s credentials, so it’s no wonder that phishing attacks and compromised accounts are causing concern for our Cybersecurity leaders.
“The use of AI by cybercriminals is also at the front of our leaders’ minds, and rightly so. While it’s currently impossible to actually prove chatbots are being used to create phishing attacks, cybercriminals generally take every advantage they can get. Organisations can’t afford to be left behind but must ensure their defences keep pace with cybercriminals’ methodology and the resulting attacks.
- 94 per cent of organisations were victims of phishing attacks
- 96 per cent of organisations were negatively impacted by phishing attacks
- 94 per cent of organisations were negatively impacted by outbound email security incidents
- 79 per cent of organisations were victims of account takeover attacks which started with a phishing email
- 61 per cent of cybersecurity leaders say the use of chatbots in phishing keeps them awake at night
The impact of an email security incident can be severe for employees and their organisations. 96 per cent of surveyed organisations experienced negative impacts from phishing attacks, which is a jump of 10 per cent versus last year’s report (when the number sat at 86 per cent). Findings show that leaders are taking a tough stance with employees caught by phishing attacks with negative outcomes for the people involved happening in 74 per cent of companies. In particular, the report revealed the way organisations responded, with:
- 51 per cent of employees caught in phishing attacks disciplined
- 39 per cent of employees caught in phishing attacks fired
- 27 per cent of employees caught in phishing attacks voluntarily leaving their roles
Looking at outbound threats, a similar picture is seen with 94 per cent of the surveyed organisations reported being adversely affected, which is an increase of 8 per cent from last year’s report. In outbound email incidents, 67 per cent of people were disciplined, let go, or chose to leave the organisation. Employees being disciplined was the most common outcome, seen in 51 per cent of organisations.
Share