Board of Directors do not see ransomware as a top priority

Despite 98% of organisations delivering security awareness training to staff, Egress’ new research has found phishing attacks are an increasing problem

Only 23% of company directors consider ransomware to be a top cyber security priority, even though 59% of organisations have at some point fallen victim to a ransomware incident, according to a new Egress study.

Egress, the leading provider of intelligent email security, has released findings of its 2022 Fighting Phishing: The IT Leader’s View survey. It was found that 84% of organisations were victims of phishing, while 98% of organisations deliver anti-phishing training.

The research was conducted by Arlington Research and polled 500 IT leaders across the US and UK from a variety of industries, including financial services and legal. The results highlight the continued detrimental impact phishing attacks and ransomware can have on an organisation and the need to address the human-activated risk component created by people within an organisation.

Growth of phishing attacks

New phishing and ransomware attacks continue to make headlines, and Colonial Pipeline, Kaseya, Conti, Log4j and more are still being heavily discussed. The survey confirmed that phishing and ransomware are causing the ‘perfect storm’ and there is a disconnect about the prioritisation of cybersecurity at the Board level.

“Cybercriminals are continuing to leverage sophisticated social engineering attempts to catch users at a weak moment and gain access to the sensitive data they’re seeking. The results of this study show that cybersecurity training is limited in its effectiveness and it’s a big ask for people within an organisation to be constantly vigilant to phishing threats,” said Jack Chapman, Vice President of Threat Research at Egress.

“It’s imperative that organisational leadership, including the board of directors, focus on what’s needed to provide the most effective cybersecurity protection for that organisation. That includes evaluating overall spend and what’s in the security stack, looking to intelligent technology to tackle sophisticated phishing attacks.”

A need for cyber security training to keep organisations safe

Egress found that 70% of IT leaders would refuse a ransomware demand, while it also reported that as many as 70% of financial services firms had experienced a ransomware attack in 2021, with the average payout standing at about US$91,000.

Turning to phishing, Egress’ study reported that 98% of organisations now deliver anti-phishing training to their teams. However, half allocate less than a quarter of their security budget to actual anti-phishing measures.

This was despite the fact that 84% of organisations have been hit by attacks that originated with a phishing email, and 66% specifically by business email compromise (BEC), an exploit in which attackers successfully compromise a C-suite target email and use it to trick another employee into sending them money.
