92% of organisations fell victim to phishing in the past 12 months
According to the data presented by the Atlas VPN team, 92% of organisations were victims of phishing in the past 12 months, and 86% experienced negative consequences as a result.
The numbers are based on the survey conducted by Egress with 500 cybersecurity leaders from the US, UK, and Australia who have deployed Microsoft 365 in their organisations. Survey data was supplemented with Egress platform data.
The most commonly reported fallout from these attacks was financial losses from customer churn. Overall, 54% of surveyed organisation leaders said they lost customers and revenue due to successful phishing attacks.
A company's reputation, which may have taken years or even decades to build, can be irreparably damaged in just seconds due to a single security breach. Reputational damage was reported by 47% of organisations that were impacted by phishing attacks in the last 12 months.
Moreover, over a fourth (27%) of organisations underwent lengthy remediations, while nearly a tenth (9%) faced legal repercussions.
However, these incidents did not only have repercussions for the victim organisations but also for the employees involved. In 30% of cases, the employees were disciplined as a result of the successful phishing event, while 22% of organisations reported that employees were dismissed. In 18% of instances, employees left voluntarily.
72% of cybersecurity leaders express concern over AI's use in phishing emails
Phishing has become an increasingly sophisticated cyber threat as cybercriminals continue to evolve their tactics. With the advancement of AI technology, there are concerns it may be misused to create more sophisticated cyberattacks.
Specifically, 72% of cybersecurity leaders are expressing worries about the use of AI in email phishing attacks. Cybersecurity leaders within financial organisations are the most alert about AI's utilisation to craft phishing campaigns — 80% of them showed concern.
Additionally, 77% of cybersecurity leaders in the legal sector feel alarmed about the growing risks of AI use in phishing, followed by 66% of leaders in government and charity organisations and 63% in healthcare.
These concerns arise from the potential for AI to automate the phishing process, which can make attacks more efficient and scalable. Additionally, AI can create highly sophisticated and personalised phishing emails that are difficult to detect using traditional security systems. The use of deepfake technology to add video and voice capabilities to phishing attacks can make them even more dangerous.
While phishing attacks have been a persistent threat for years, the increasing sophistication of these attacks and the potential misuse of AI technology has heightened concerns among cybersecurity leaders.
As we move forward, it is crucial that organisations prioritise cybersecurity measures and stay vigilant in their efforts to protect against these threats. Additionally, further research and development of AI-based security systems will be essential to staying ahead of cybercriminals and mitigating the risks associated with AI-powered phishing attacks.