undefined

 

Tessian report reveals that one in seven advanced email cyber attacks facing UK businesses are likely to be successful

LONDON, 10th November 2022 – The average UK business has experienced 16 successful email-based phishing attacks in 2022 so far, and 56 per cent had experienced an email attack where account credentials were stolen or compromised. This was revealed in email security company, Tessian’s, new State of Email Security report launched today.

Out of the 79 per cent of UK businesses that had encountered a successful email phishing attack this year, 30 per cent said the repercussions included a breach of customer or client data, 28 per cent resulted in financial losses, 27 per cent resulted in ransomware infection, 21 per cent reported reputational damage, and 19 per cent had to deal with a regulatory fine.

The report, based on Censuswide polling of 150 IT and Security professionals in the UK, also revealed that UK businesses were each targeted by an average of 113 spear phishing attacks each in 2022, of which one in seven were successful.

UK businesses also encountered an average of 106 email-based ransomware attacks, 135 impersonation attacks and 274 bulk phishing attacks across the first nine months of 2022.

Surveyed security leaders reported that they are most concerned about ransomware and malware attacks in the UK, with 45 per cent citing this as their biggest cause for concern. This was followed by email impersonation attacks at 31 per cent, and account takeover attacks at 29 per cent. On a global scale, however, email impersonation attacks ranked as the highest concern for security leaders.

Josh Yavor, Chief Information Security Officer at Tessian, commented:

“We all rely on email at work and at home, and as the gateway to valuable data and access, email accounts are always a valuable target to adversaries, especially those seeking to compromise business. We can also expect threats to continue to expand into other communication platforms like instant messaging tools, personal email or social media accounts as attackers seek to evade detection.”

When looking at email impersonation attacks in more detail, the report revealed that employees are the most likely candidates for impersonation, and two in five businesses encountered a bad actor impersonating an employee. The second most impersonated targets were company suppliers and third party vendors, both at 32 per cent, followed by investors and C-Level executives, both at 25 per cent.

Yavor added: “To keep employees secure on email, organisations should be proactive in delivering security training that addresses the common types of threats on email that’s tailored and personalised to their role and department. Company cultures also play a significant role in protecting employees. Security leaders should emphasise a culture that builds trust and confidence, which will ultimately improve security behaviours.”