Survey: Nearly 3 in 4 Organizations Suffered Data Breaches Due to Phishing

A survey released Tuesday indicates 73% of organizations have suffered data breaches caused by phishing attacks in the past calendar year.

The 2021 Insider Data Breach Survey polled 500 IT leaders and 3,000 employees in the U.S. and U.K. across the financial services, health care and legal fields. It suggests a correlation between the increase in remote work and increased risk organizations face securing their networks, with 53% of IT leaders surveyed reporting an increase in incidents caused by phishing.

Millions of Americans were displaced from traditional offices last year due to the coronavirus pandemic, and while many companies consider new back-to-work models, some may elevate their firm’s risk profile, according to the survey. Half of respondents expressed concerns over future hybrid working models, stating such models would make it harder to prevent breaches caused by malicious email attacks.

“Organizations are being bombarded by sophisticated phishing attacks. Hackers are crafting highly targeted campaigns that use clever social engineering tricks to gain access to organizations’ most sensitive data, as well as leapfrog into their supply chain,” said Egress Vice President of Threat Intelligence Jack Chapman. The survey was independently conducted by Arlington Research on behalf of software security firm Egress. “Remote working has also made employees even more vulnerable. With many organizations planning for a remote or hybrid future, phishing is a risk that must remain central to any security team’s plans for securing their workforce.”

The survey also highlights the human cost of phishing attacks. In 23% of organizations, employees who were hacked through a phishing email were either fired or left voluntarily.