Companies Failing to Reel in Phishing Risks

Hilary Tuttle


September 4, 2018

Email and data security firm Mimecast’s report State of Email Security 2018 found that 90% of organizations worldwide have seen the volume of phishing attacks increase or stay the same over the past year.

While security awareness education is critical to managing these email-based cyberrisks, 49% of organizations admit their management and finance teams are not knowledgeable enough to identify and stop an impersonation attempt, and 40% felt their CEO poses “a weak link in our cybersecurity operation,” a sentiment that has increased almost 30% year-over-year.

That doubt appears well-founded: 31% of C-level employees accidentally sent sensitive information to the wrong person last year, and 20% of respondents reported that a C-level executive within their organization had sent sensitive data in response to a phishing attack.

Inadequate management of this risk translated into concrete losses for many businesses—approximately a third of those that experienced email-based impersonation fraud consequently suffered data loss, a quarter experienced reputation damage and a fifth lost customers.

Hilary Tuttle is managing editor of Risk Management.