New data from the U.K. Government’s Cyber Security Breaches Survey 2022 report shows that a material portion of businesses and charities are being attacked and feeling the repercussions.
When you hear that 31% of businesses and 26% of charities in the U.K. estimate they were attacked at least once a week, that’s material. It means that every industry vertical, size, and type of business is being attacked, with some fending off attacks better than others.
According to the report 39% of U.K. businesses identified an attack within the last 12 months, consistent with the previous year. 21% of the attacks identified involved either a denial of service or ransomware attack. And, of those attacked, 35% of businesses and 38% of charities experienced negative consequences as a result of the attack.
According to the report, only 19% of businesses and 15% of charities train and test their staff with mock phishing exercises – a real problem, as 83% of the attacks experienced began with a phishing email.
As much as I admire organizations for taking additional steps to better secure their environments (25% of those attacked did, as shown in the chart above), security execs and pros alike should follow the attack paths taken by threat actors and shore up the security where it’s evident attacks are happening. Security Awareness Training and phishing testing are proven and effective tools to increase the security of the organization by making more vigilant users who are less likely to fall for phishing attacks that make their way past security solutions to the Inbox.
