The latest survey by software recommendation site GetApp found that an overwhelming majority (98%) of senior managers say phishing attacks are a concern for their company, with 23% saying it is a serious concern. In particular, nine out of 10 senior managers believe phishing attacks are becoming a serious threat to businesses, and 89% say phishing attacks are becoming harder to detect due to their sophistication.
With technology playing an important role in remote work, GetApp surveyed 561 respondents in Australia, including 346 employees, 215 senior or executive managers and business owners. The study examines how phishing attacks affect organisations and what SMEs can do to combat these threats.
The research found that 57% of those surveyed have been targeted multiple times at work, with 33% experiencing a 10-20% increase in the last three years. Of the phishing attacks respondents received at work, 49% of the attacks impersonated a company, and 40% imitated a bank. While businesses must remain vigilant across all communication channels, 90% of respondents say they have experienced phishing attacks at work via email, compared to SMS (28%), phone calls (20%) and social media (9%).
GetApp’s survey shows that 75% of senior managers recognised a phishing attack after receiving it at work and reported it to the appropriate team, compared to only 61% of employees. 51% ignored or deleted a phishing attempt after realising it was fraudulent. 74% of senior managers say that their company already uses anti-phishing software. Of these respondents, an overwhelming 97% said the software successfully prevents phishing attacks regularly (72%) or does so occasionally (25%).
Of respondents who said their company does not have anti-phishing software (17%) or were unsure if their company did (9%), only 15% said there are no plans to implement it. On the other hand, 69% of those respondents said that their company plans to adopt the software soon.
The study shows 81% of senior management say their company has implemented employee phishing awareness training. Of this group, 88% believe the training helped prevent phishing attacks and reported a reduction in successful attacks. 52% of those with phishing training at work believe spending on phishing awareness training will decrease or remain the same. Less than half (47%) expect increased spending in the next two years.
Analyst at GetApp Australia, Andrew Blair, said, "Companies that wish to instil robust and proactive security procedures to their operations need to reduce the margin of human error that can result in a data breach. Coupling employee learning with software solutions can help mitigate security risks, especially phishing.
“Organisations should keep up their guard with continuous learning and up-to-date software solutions to keep up with the evolving phishing attacks that proceed one another."
The full article is available to read on the GetApp blog.
Survey methodology:
GetApp’s Phishing Attacks Survey data was collected between July and August 2023. The survey comprises answers from 561 respondents comprising 346 employees and 215 senior managers, executive managers, and business owners. The survey sample was selected based on the following criteria:
-
Australia resident
-
Aged 18-65 years old
-
Employed either full-time or part-time with a company with at least two employees
-
Uses a computer for daily work tasks at least sometimes
-
Has received at least one phishing attack at work
-
Understands the meaning of a phishing attack after being shown the definition.
The following definition of a phishing attack was shown to respondents: ‘Phishing is a common type of cyber attack that targets individuals through email, text messages, phone calls, and other forms of communication usually by impersonating senders known to the recipient (for example, package delivery, prizes, public entities, etc.). A phishing attack aims to trick the recipient into falling for the attacker’s desired action, such as revealing financial information, system login credentials, or other sensitive information. Phishing attacks are very often perpetrated against companies through their employees.’
Key Facts:
- Phishing attacks mostly target company emails
- Company impersonations are the most common type of phishing attacks
- According to 98% of senior managers, phishing attacks are a concern
- 74% of companies have anti-phishing software, according to senior managers
- Organisations must layer up cybersecurity defences
About us:
About GetApp:
GetApp is the recommendation engine small businesses need to choose the right software. GetApp enables SMBs to achieve their mission by delivering the tailored, data-driven recommendations and insights required to make informed software purchasing decisions. For more information, visit www.getapp.com.au.
Contact details:
Garry Steel
Marketing Specialist
garry.steel@gartner.com
