40% of CSOs say Their Organization is Not Prepared for Cyberattacks as Phishing is the Top Likely Cause of Breaches

A new survey of executives sheds light on how well organizations fared with cyberattacks in the last 12 months as well as what attack vectors are going to increase future breaches.

I’ve spent quite a bit of time here writing about the experienced and expected continued increases in cyberattacks due to the evolution of cybercrime-as-a-service, the partnerships between cybercriminal groups, and the increased sophistication of attacks.

In other words, cybercrime is now fully acting like legitimate businesses.

A new survey of executives from cybersecurity analysis vendor ThoughtLab provides us a view into what’s transpired back in 2021, and what execs are expecting moving forward. In their newly released report, Cybersecurity Solutions for a Riskier World, we see that both cybersecurity incidents and “material” breaches increased in 2021:

  • Organizations experiencing a cybersecurity incident grew 15% in 2021 over 2020, with just over one-quarter of organizations (26.2%) being involved in an attack
  • While material breaches were far less common, the percentage of organizations experiencing them (.82%) in 2021 was a 24% increase over 2020

And when asked whether their organization is “well prepared for today’s rapidly changing threat landscape”, on average, 27% of all executives said they weren’t, with 40% of CSOs feeling even more strongly about their lack of preparedness.

When asked about the types of attacks that were responsible for the breaches, as well as which ones pose the highest risk over the next two years, a pattern of risk begins to emerge:


The top two highest risks for the foreseeable future are also two of the main causes for recently experienced breaches. They also all involve the unwitting participation of your users. And if you consider that the top initial attack vector in ransomware attacks is phishing, you can include some part of ransomware involving users as well.

What’s needed to protect organizations from future attacks is to prepare users. Prepare them for phishing, vishing, SMiShing, and social engineering – all commonly used methods to trick users into engaging with malicious content that is the catalyst for breaches. It’s only through Security Awareness Training that users begin to understand how attacks work, what tactics are used, and how to identify a malicious piece of content in email or on the web, reducing the likelihood that users will engage and help the attacker.

Want to be better prepared for the next two years of cyberattacks? Upgrade your users.

The world's largest library of security awareness training content is now just a click away!

In your fight against phishing and social engineering you can now deploy the best-in-class simulated phishing platform combined with the world's largest library of security awareness training content; including 1000+ interactive modules, videos, games, posters and newsletters.

You can now get access to our new ModStore Preview Portal to see our full library of security awareness content; you can browse, search by title, category, language or content topics.

The ModStore Preview includes:

  • Interactive training modules
  • Videos
  • Trivia Games
  • Posters and Artwork
  • Newsletters and more!
