Average UK business experienced 16 phishing attacks in 2022

The average UK business has experienced 16 successful email-based phishing attacks in 2022 so far, and 56% had experienced an email attack where account credentials were stolen or compromised.

This was revealed in email security company, Tessian’s, new State of Email Security report.

Out of the 79% of UK businesses that had encountered a successful email phishing attack this year, 30% said the repercussions included a breach of customer or client data, 28% resulted in financial losses, 27% resulted in ransomware infection, 21% reported reputational damage, and 19% had to deal with a regulatory fine.

The report, based on Censuswide polling of 150 IT and Security professionals in the UK, also revealed that UK businesses were each targeted by an average of 113 spear phishing attacks each in 2022, of which one in seven were successful.

UK businesses also encountered an average of 106 email-based ransomware attacks, 135 impersonation attacks, and 274 bulk phishing attacks across the first nine months of 2022.

Surveyed security leaders reported that they are most concerned about ransomware and malware attacks in the UK, with 45% citing this as their biggest cause for concern. This was followed by email impersonation attacks at 31%, and account takeover attacks at 29%. On a global scale, however, email impersonation attacks ranked as the highest concern for security leaders.

Josh Yavor, Chief Information Security Officer at Tessian, commented: “We all rely on email at work and at home, and as the gateway to valuable data and access, email accounts are always a valuable target to adversaries, especially those seeking to compromise business.

“We can also expect threats to continue to expand into other communication platforms like instant messaging tools, personal email or social media accounts as attackers seek to evade detection.

“To keep employees secure on email, organisations should be proactive in delivering security training that addresses the common types of threats on email that’s tailored and personalised to their role and department. Company cultures also play a significant role in protecting employees.

“Security leaders should emphasise a culture that builds trust and confidence, which will ultimately improve security behaviours.”