Most of the time, the cause of a major cyber-incident is a tiny spear phishing email, which, according to a recent survey carried out by Cloudmark and Vanson Bourne, costs companies around $1.6 million / €1.47 million per incident.
The survey, which took into account data from 300 companies, 200 from the US and 100 from the UK, revealed that 20% of all respondents recognize the consequences of spear phishing attacks and consider such an event the company's top security threat.
Worse is the fact that 84% of companies acknowledged their failure in stopping these attacks, and admitted to serious incidents that had a spear phishing attack at its core.
Spear phishing attacks can sometimes result in a decreased stock market price
The survey revealed that, besides the company, investors also notice the lack of proper security protocols, and in 15% of the surveyed firms, the consequences of a spear phishing attack also concluded with a decrease in the company's stock price.
Companies also said that, 90% of the time, spear phishing attempts come in via email, 48% of the time via smartphones, and in 40% of the cases via social media accounts.
Additionally, hackers seem to be interested in IT (44%) and finance staff (43%), but they've also targeted sales staff (29%), the company's CEO (27%), and its CFO (17%).
Companies conduct spear phishing training
43% of the companies also said that a spear phishing attack’s main impact on the company is a loss of employee productivity, due to increased security measures, malfunctions, and others.
Additionally, 32% of the companies also reported financial losses, 29% reported damage to their company's reputation while 27% accused damage to their brand.
Furthermore, in more serious cases, 25% of respondents also said that attacks led to intellectual property theft, which in most cases can be invaluable for a business, especially in the fast-moving world of science and tech.
But companies are learning, and 71% of them have implemented protection against spear phishing attempts, and even better, 56% conducted staff training on the matter of spear phishing.