We have all been there, rushing through emails and clicked on a plausible link or message. The result can often be all sorts of problems which cost time and money to resolve, plus in some cases a fine for the company. Not good, so how common is this sort of phishing attack? A new survey conducted by compliance training company Skillcast reveals that nearly half (44%) of UK employees have experienced a phishing attempt whilst at work in the past year.
The study, which surveyed 2,029 UK residents who are currently employed, found that 3 in every 50 employees have fallen for, and cooperated with, a phishing attempt. Not only this, it also found a clear disparity between managers and employees, with managers twice as likely to fall for a phishing scam at work.
Skillcast CEO, Vivek Dodd, comments on the findings: “Phishing attacks pose a significant risk to businesses. The fallout can be particularly devastating for small businesses with more limited resources, causing financial losses and impacting customers and the potential to impact operational integrity. Educating employees on the consequences of phishing attacks and implementing robust security measures are essential to mitigating these risks.”
The survey also reveals that phishing attempts are most commonly made via email, with over two-thirds (69%) of workplace phishing attempts occurring through this channel. Text messages and phone calls are also commonly used, accounting for 12% and 10% of attempts respectively.
Regional Outlook
The survey uncovered regional trends in susceptibility to successful phishing attempts. Cities such as Leeds (9%), Birmingham (9%), and London (8%) reported higher rates of falling for phishing attempts compared to the national average. By contrast, Glasgow, Cardiff, Liverpool, and Edinburgh showed lower susceptibility.
Table 1: Susceptibility to Successful Phishing Attempts By City
|
City |
% fell for attack |
|
Leeds |
9% |
|
Birmingham |
9% |
|
London |
8% |
|
Newcastle |
8% |
|
Bristol |
6% |
|
Nottingham |
6% |
|
Manchester |
5% |
|
Norwich |
5% |
|
Southampton |
5% |
|
Sheffield |
4% |
|
Edinburgh |
3% |
|
Liverpool |
3% |
|
Cardiff |
2% |
|
Glasgow |
0% |
Senior vs. Entry-level Employees
The survey shows susceptibility to successful phishing attempts increases greatly with seniority. Entry-level employees reported a 5% cooperation rate (interacting) with phishing attempts, whereas senior staff – including directors and heads of departments – reported a 9% cooperation rate. This suggests that senior-level employees are nearly twice as likely to fall for phishing attempts compared to their entry-level colleagues.
Vivek shares his thoughts on this trend: “As senior employees often have access to higher levels of confidential data, their cooperation with phishing attacks can have a disproportionate impact. Not only do they handle important information, they’re also meant to lead by example. A culture that fosters compliance comes from the top and leaders should both train their staff on cybersecurity and understand it themselves so they can support and spot signs of risks. Comprehensive cybersecurity training and vigilant practices are crucial for protecting the integrity and stability of small businesses.”
Methodology
The findings are based on a survey of 2,029 UK residents who are currently employed.
Be the first to comment