Email fraud, also known as business email compromise (BEC), is one of today’s most widespread cyber threats. These highly targeted, socially engineered attacks seek to exploit people rather than technology. They don’t include malicious attachments or URLs, arrive in low volumes, and impersonate people in authority. As a result, they are difficult to combat with traditional security tools.
But what is the direct impact of these hard-to-detect attacks? What organisations are most at risk? And what security measures are they implementing if any?
To answer these questions, Proofpoint commissioned a survey of more than 2,250 IT decision makers across the U.S., the U.K., Australia, France, and Germany.
Below, we explore three key findings from our research. To read the full report, click here.
1. Email fraud is soaring.
In the last two years, we found that 75 percent of organisations were targeted at least once by email fraud. And more than 41 percent of respondents said their business was targeted multiple times. The U.S. is the most targeted country, with 84 percent reporting one or more attacks. Germany is the least targeted country.
Looking ahead, 77 percent of businesses expect they will fall victim to email fraud in the next 12 months, and yet only 40 percent have full visibility into email threats. There is a disconnect between the anxiety felt by IT decision makers in relation to protecting the organisation from email fraud and the buy-in from the boardroom to implement preventative methods.
2. Email fraud has lasting consequences for both employers and employees.
Low volume email fraud attacks can seriously damage business operations. According to our research, “business disruption” was the most common complaint among IT decision makers whose companies were hit by email fraud attacks, followed by loss of sensitive data and recovery costs.
3. Email fraud is becoming a board-level issue.
As it continues to jeopardise the revenue and reputation of businesses around the world, email fraud has finally caught the attention of top leadership. The majority of survey respondents (82%) said that their board members and executive teams are more concerned than ever before about email fraud attacks and more than half of those surveyed (59%) said that email fraud is one of the top security risks to their organisations.
But despite increased awareness of the problem, effective solutions have yet to be implemented. Less than half of the companies we surveyed used available technology to combat email fraud.
To help convince the leadership of your organisation to protect your people, data, and brand reputation from email fraud, read about the technology organisations like yours should adopt in our full report. To see highlights of our findings, download our infographic.
There’s no silver-bullet solution to fighting these insidious attacks. But organisations can take action. By implementing a multi-layered defense strategy spanning people, processes, and technology, companies can block attacks before they do harm and discourage criminals from targeting them again.