#privacy: Almost half of UK SMEs targeted by phishing attacks

A new study has revealed that 43% of UK SMEs have been targeted by impersonation phishing attacks in the past year. 

A report by Cybsafe surveyed 250 IT decision-makers at UK SMEs, questioning them about the attacks they have experienced, and what was done to protect the cybersecurity of their business. 

It was discovered that of the 43% attempted impersonation phishing attacks, 66% of organisations had suffered a successful attack, with respondents citing email phishing to be greater threat to businesses than phone phishing.

When pitted against nine other potential threats, email phishing was cited the be the second most pressing threat (37%) behind Malware. Phone phishing was believed to be the least (8.8%) urgent threat to businesses. 

Oz Alashe, CEO, CybSafe commented:

“Phishing is currently the dominant attack vector for entry into networks, and its popularity isn’t hard to understand. It’s easy to carry out, easy to profit from, and from the perspective of cybersecurity professionals, it’s notoriously difficult to defend against. Just one individual falling victim can be enough to give criminals the foothold required to access confidential information.”

Impersonation phishing attacks pose a particular threat to businesses as they can be extremely convincing, especially when a threat actor impersonates friends, family or other members of staff. 

The study also found that just 47% of IT leaders claimed to have a cybersecurity training and awareness program up and running. Thus it is clear the lack of awareness on phishing scams and cyber-threats could be a major factor in the success rate of hackers. 

Despite this, the study found that little is being done by UK businesses. Those that are doing something, are “simply paying lip-service to security training for compliance reasons, and aren’t demonstrably reducing their human cyber-risk.”


The largest data protection, privacy and security event of 2020, now available on-demand!

Featuring four whole days of keynote sessions, panel debates, and an opportunity to network and chew over all things data-related through discussions in public boards and virtual booths, PrivSec Global is now available to watch on-demand.

You can access the content from all four days, by registering for access to our PrivSec Global platform below.

Learn More and Register

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.