Less than a quarter of directors see ransomware as a top priority

Only 23 percent of board of directors consider ransomware to be their top priority. Yet 59 percent of organizations have fallen victim to ransomware.

A new study from email security company Egress, independently conducted by Arlington Research, polled 500 IT leaders across the US and UK. It finds 52 percent of organizations allocate less than a quarter of their security budget to anti-phishing measures, yet 84 percent were hit by phishing and 42 percent had credentials stolen.

In addition 66 percent of organizations fell victim to business email compromise (BEC), which is sophisticated, dangerous, and very expensive. 70 percent of IT leaders say they have or would refuse a ransom demand. 70 percent of financial services firms experienced a ransomware attack in 2021 with an average pay-out as a result of the attack being $91,230.

"Cybercriminals are continuing to leverage sophisticated social engineering attempts to catch users at a weak moment and gain access to the sensitive data they're seeking. The results of this study show that cybersecurity training is limited in its effectiveness and it's a big ask for people within an organization to be constantly vigilant to phishing threats," says Jack Chapman, vice president of threat research at Egress. "It's imperative that organizational leadership, including the board of directors, focus on what's needed to provide the most effective cybersecurity protection for that organization. That includes evaluating overall spend and what's in the security stack, looking to intelligent technology to tackle sophisticated phishing attacks."

The full report is available from the Egress site.

Photo Credit: LeoWolfert/Shutterstock