84 Percent of U.S., U.K. Organizations Have Been Breached by Spear Phishing Attacks

A?recent survey of 300 IT decision makers in the U.S. and U.K. found that more than 84 percent of respondents said a spear phishing attack had penetrated their organization’s security defenses.

The survey, conducted by Vanson Bourne and sponsored by Cloudmark, also found that respondents said approximately 28 percent of spear phishing attacks are getting through their organization’s security defenses.

High-profile breaches resulting from spear phishing attacks include those that hit Anthem, Sony, JPMorgan Chase, and the U.S. Office of Personnel Management.

Twenty percent of respondents said spear phishing is the top threat facing their company.

Ninety percent of respondents had seen spear phishing attacks delivered by email, while 48 percent said their organization had seen spear phishing attacks delivered via mobile platforms, 40 percent had seem them delivered via social networks, and 30 percent had seen them delivered via social media.

“With the wealth of information about individuals and organizations now available online, cybercriminals can easily craft targeted attacks to gain access to valuable personal and financial information,” Cloudmark CEO George Riedel said in a statement. “Spear phishing has emerged as one of the largest threats facing enterprises today.”

Survey respondents estimated the financial impact of spear phishing to their organization to be more than $1.6 million over the past 12 months alone. For U.S. businesses, the average cost was $1.8 million.

Organizations that had been breached by spear phishing said the attacks resulted in loss of employee productivity (41 percent), financial loss (32 percent), damage to company reputation (29 percent), damage to brand reputation (27 percent), and a decrease in stock price (15 percent).

Only 11 percent of respondents said their organization is fully prepared to deal with spear phishing attacks.

Fifty-six percent of respondents said their organization is using staff training to deter spear phishing attacks, and 79 percent are testing employees’ responses to spear phishing. Among those who test their employees’ responses, only 3 percent said all employees passed the most recent test. On average, respondents said 16 percent of staff failed their organization’s most recent spear phishing test.

Targets of spear phishing, according to the survey results, include IT staff (44 percent), finance staff (43 percent), sales staff (29 percent), CEO (27 percent), and CFO (17 percent).

Separately, a recent AIIM survey found that 26 percent of organizations suffered loss or exposure of customer data in the last 12 months, and 18 percent lost employee data. As a result, 10 percent faced action or fines from a regulator, 25 percent saw a disruption to their business, and 18 percent saw a loss of customer trust.

About a quarter of respondents to the AIIM survey said senior management doesn’t take the issue of data privacy breaches seriously.

Recent eSecurity Planet articles have offered advice on defeating phishing attacks, and examined a new spear phishing attack designed to bypass two-factor authentication.

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles