Board of Directors do not see ransomware as a top priority

Despite 98% of organisations delivering security awareness training to staff, Egress’ new research has found phishing attacks are an increasing problem

Only 23% of company directors consider ransomware to be a top cyber security priority, even though 59% of organisations have at some point fallen victim to a ransomware incident, according to a new Egress study.

Egress, the leading provider of intelligent email security, has released findings of its 2022 Fighting Phishing: The IT Leader’s View survey. It was found that 84% of organisations were victims of phishing, while 98% of organisations deliver anti-phishing training.

The research was conducted by Arlington Research and polled 500 IT leaders across the US and UK from a variety of industries, including financial services and legal. The results highlight the continued detrimental impact phishing attacks and ransomware can have on an organisation and the need to address the human activated risk component created by people within an organisation. 

Growth of phishing attacks

New phishing and ransomware attacks continue to make headlines, and Colonial Pipeline, Kaseya, Conti, Log4j and more are still being heavily discussed. The survey confirmed that phishing and ransomware are causing the ‘perfect storm’ and there is a disconnect about the prioritisation of cybersecurity at the Board level.

“Cybercriminals are continuing to leverage sophisticated social engineering attempts to catch users at a weak moment and gain access to the sensitive data they’re seeking. The results of this study show that cybersecurity training is limited in its effectiveness and it’s a big ask for people within an organisation to be constantly vigilant to phishing threats,” said Jack Chapman, Vice President of Threat Research at Egress.

“It’s imperative that organisational leadership, including the board of directors, focus on what’s needed to provide the most effective cybersecurity protection for that organisation. That includes evaluating overall spend and what’s in the security stack, looking to intelligent technology to tackle sophisticated phishing attacks.”

A need for cyber security training to keep organisations safe  

Egress found that 70% of IT leaders would refuse a ransomware demand, while, it also reported that as many as 70% of financial services firms had experienced a ransomware attack in 2021, with the average payout standing at about US$91,000.

Turning to phishing, Egress’ study reported that 98% of organisations now deliver anti-phishing training to their teams. However, half allocate less than a quarter of their security budget to actual anti-phishing measures.

This was despite the fact that 84% of organisations have been hit by attacks that originated with a phishing email, and 66% specifically by business email compromise (BEC), an exploit in which attackers successfully compromise a C-suite target email and use it to trick another employee into sending them money.


Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI