75% of UK IT Professionals Hit with Email-Based Security Incident, Phishing Trend Report Reveals

Findings show that despite being flooded by suspicious emails, lack of integration between security solutions is biggest anti-phishing challenge

LONDON, UK – September 13, 2017 – Today PhishMe®, the leading provider of human phishing defence solutions, released the results of its UK Phishing Response Trends Report, which looked at the phishing response strategies of IT security decision-makers across a variety of industries in the United Kingdom.

The report reveals that UK businesses are being flooded with suspicious emails targeting employees, with 75% of professionals surveyed claiming to have dealt with a security incident originating from a deceptive email. Despite significant investments in perimeter security technology to combat the problem, 48% of the same respondents feel their phishing response strategies range from “not effective” to just “somewhat effective.”

According to the Ponemon Institute, the average cost of a data breach for UK businesses is £2.48 million[1] with attacks affecting many thousands of customers. The time it takes to identify and contain a breach is critical. The faster a breach is identified and contained, the lower the cost. However, sometimes an organisation’s established security can get in the way with 50% of survey respondents naming the lack of integration among their security solutions as the biggest anti-phishing challenge. Those solutions rely mostly on technology, not human assets, underscoring that technology by itself isn’t the answer to phishing.

The report has been compiled in conjunction with PhishMe’s continued expansion in the UK and follows its membership in the London Digital Security Centre (LDSC), a London Mayor-backed nationwide cybersecurity initiative.  Key UK findings from the report include:

  • The number one security worry for IT professionals is email-related threats
  • Nearly a quarter of respondents see more than 500 suspicious emails weekly
  • Over 75% of surveyed IT professionals have dealt with a security incident originating from a deceptive email
  • Almost all respondents have at least one and, in most cases, many more than four different security solutions in place to help combat email and phishing threats
  • That said, nearly half of respondents named lack of integration among their security solutions as their biggest anti-phishing challenge
  • 48% of respondents say their phishing response strategies ranged from “totally ineffective” to “somewhat ineffective”
  • 96% of surveyed IT professionals plan to upgrade their phishing response and prevention

“Email-related security threats remain the number one concern for IT professionals. It’s clear that technology alone hasn’t and will not solve the problem with the human at its very root,” explained Rohyt Belani, co-founder and CEO of PhishMe. “Human-assisted technologies that stack up grey matter against hackers and leverage technology to scale and speed up processing are the best bet in defeating phishing attacks. Businesses need conditioned, vigilant employees to recognise email-related threats and report them in a timely manner to their security operations centres. Our goal at PhishMe is to help those security operations teams to rapidly triage this barrage of employee-reported emails and operationalize the blocking of malicious ones via automation and orchestration.”

The full report is available for download here: https://cofense.com/phishing-response-trends-uk

To learn more about PhishMe’s phishing incident solutions, please visit: cofense.com

Survey Methodology

This study was commissioned by PhishMe and delivered by Gatepoint Research, an independent market research organisation. Gatepoint Research surveyed two hundred select IT professionals, largely senior decision-makers, on phishing response strategies. They represented firms in a wide variety of industries, including but not limited to business services, high tech, primary manufacturing, healthcare, financial services, retail trade, wholesale trade, transportation, consumer services, and telecom services. Businesses of all sizes from small or mid-market firms to Fortune 1000 companies were included in the sample.

About PhishMe

PhishMe is the leading provider of human-focused phishing defence solutions for organisations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defence by enabling them to identify, report and mitigate spear phishing, malware and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organisation’s security decision-making process. PhishMe’s customers include the defence industrial base, energy, financial services, healthcare and manufacturing industries, as well as other Global 1000 entities that understand how changing user security behaviour will improve security, aid incident response and reduce the risk of compromise.

[1] Source: Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview

Phishing Incident Response: Get Started in 3 Steps
Identity Crisis – The Real Cost of a PII Data Breach

Leave a Reply