Our website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

The average UK business has experienced 16 successful phishing attacks in 2022 so far, warns new State of Email Security report

 

Tessian report reveals that one in seven advanced email cyber attacks facing UK businesses are likely to be successful

LONDON, 10th November 2022 – The average UK business has experienced 16 successful email-based phishing attacks in 2022 so far, and 56 per cent had experienced an email attack where account credentials were stolen or compromised. This was revealed in email security company, Tessian’s, new State of Email Security report launched today.

Out of the 79 per cent of UK businesses that had encountered a successful email phishing attack this year, 30 per cent said the repercussions included a breach of customer or client data, 28 per cent resulted in financial losses, 27 per cent resulted in ransomware infection, 21 per cent reported reputational damage, and 19 per cent had to deal with a regulatory fine.

The report, based on Censuswide polling of 150 IT and Security professionals in the UK, also revealed that UK businesses were each targeted by an average of 113 spear phishing attacks each in 2022, of which one in seven were successful.

UK businesses also encountered an average of 106 email-based ransomware attacks, 135 impersonation attacks and 274 bulk phishing attacks across the first nine months of 2022.

Surveyed security leaders reported that they are most concerned about ransomware and malware attacks in the UK, with 45 per cent citing this as their biggest cause for concern. This was followed by email impersonation attacks at 31 per cent, and account takeover attacks at 29 per cent. On a global scale, however, email impersonation attacks ranked as the highest concern for security leaders.

Josh Yavor, Chief Information Security Officer at Tessian, commented:

“We all rely on email at work and at home, and as the gateway to valuable data and access, email accounts are always a valuable target to adversaries, especially those seeking to compromise business. We can also expect threats to continue to expand into other communication platforms like instant messaging tools, personal email or social media accounts as attackers seek to evade detection.”

When looking at email impersonation attacks in more detail, the report revealed that employees are the most likely candidates for impersonation, and two in five businesses encountered a bad actor impersonating an employee. The second most impersonated targets were company suppliers and third party vendors, both at 32 per cent, followed by investors and C-Level executives, both at 25 per cent.

Yavor added: “To keep employees secure on email, organisations should be proactive in delivering security training that addresses the common types of threats on email that’s tailored and personalised to their role and department. Company cultures also play a significant role in protecting employees. Security leaders should emphasise a culture that builds trust and confidence, which will ultimately improve security behaviours.”