73% of Businesses Suffered a Data Breach Linked to a Phishing Attack in the Past 12 Months

Ransomware attacks have increased significantly during the past year, but phishing attacks continue to cause problems for businesses, according to a recent survey conducted by Arlington Research on behalf of security firm Egress. Almost three quarters (73%) of surveyed businesses said they had experienced a phishing-related data breach in the past 12 months.

The survey for the 2021 Insider Data Breach Report was conducted on 500 IT leaders and 3,000 employees in the United States and United Kingdom. The survey revealed 74% of organizations had experienced a data breach as a result of employees breaking the rules, a problem the pandemic has not helped, since many employees have been working remotely. More than half (53%) of IT leaders said remote work had increased risk, with 53% reporting an increase in phishing incidents in the past year.

The increased risk from remote working is of concern, especially as many organizations plan to continue to support remote working or adopt a hybrid working model in the future. 50% of IT leaders believe remote/hybrid working will make it harder to prevent data breaches from malicious email attacks. There appears to be a disconnect, as only 61% of employees believe they are less likely or equally likely to cause a data breach when working from home.

Phishing attacks are naturally bad for organizations but there is also a human cost. In 23% of organizations, employees who fell for a phishing email that resulted in a data breach were either fired or voluntarily left after the incident.

“Organizations are being bombarded by sophisticated phishing attacks. Hackers are crafting highly targeted campaigns that use clever social engineering tricks to gain access to organizations’ most sensitive data, as well as leapfrog into their supply chain. Phishing is also the most common entry point for ransomware, with potentially devastating consequences,” said Egress VP of Threat Intelligence Jack Chapman. “Remote working has also made employees even more vulnerable. With many organizations planning for a remote or hybrid future, phishing is a risk that must remain central to any security team’s plans for securing their workforce.”

The survey revealed an astonishing 94% of businesses had experienced an insider data breach in the past year. 84% of IT leaders said human error was the leading cause of insider breaches, although 28% said malicious insider breaches were their biggest fear.

89% of insider incidents had repercussions for the employees in question; however, an overwhelming majority (97%) of employees said they would report a breach they had caused, which is reassuring considering 55% of IT leaders said they rely on employees to alert them to security incidents.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.