CRA Study: Global Phishing Incidents Increasingly Driven by Ransomware Gangs

Published on
May 31, 2022

New York, NY, May 31, 2022 – Phishing attacks are increasingly driven by sophisticated ransomware gangs, and some companies are suffering up to five security incidents per quarter as a result, according to new survey findings from CRA Business Intelligence, the research and market insights arm of cybersecurity information services company CyberRisk Alliance.

The data and insights in this report are based on two surveys, sponsored by Cofense: one conducted in Q4 2021 among nearly 400 IT and cybersecurity decision-makers, and one conducted in Q2 2021 among nearly 400 respondents with similar profiles. Respondents were from large organizations across North America, Europe, the Middle East, and the APAC region. This custom research study by CRA was conducted in partnership with Cofense.

Overall, nearly half of all respondents experienced an increase in phishing in Q3 2021 (significantly lower than Q1 2021) while about one in four experienced the same frequency since Q1. The average number of phishing incidents for those that experienced an incident in the past 3 months was 5 (the same as Q1). For companies of all sizes, the frequency of these incidents can complicate response plans.

“Even advanced organizations are struggling to get orchestrated as tightly as they’d like,” said Aaron Higbee, co-founder and CTO of Cofense. “Once a phishing email is handed over to the security team, things can get challenging, depending on your skillset and depending on your budget - or the responding teams experience and third-party resources. Automation may fail, and a phishing email may make it into an organization's infrastructure. It is vital to be able to identify the source or breakdown with the automated system failed, and address it.”

Key findings from the study:
• In Q3 2021, ransomware remained the top phishing incident, experienced by half of all respondents.
• The average number of phishing incidents for those that experienced an incident in the past 3 months was 5 (the same as Q1 2021).
• Phishing represented an average of 29% of all cybersecurity incidents in Q3 2021 (compared to 32% in Q1 2021).
• Nearly half experienced an increase in phishing in Q3 2021 (significantly higher than Q1 2021); about one in four experienced the same frequency of phishing since Q1 2021.
• Email attachments and links were the top sources for phishing, accounting for about one-third of all phishing incidents (slightly more compared to Q1 2021).
• Financial loss remains the top impact of phishing incidents; overall, Q3 2021 impacts remained similar to Q1 2021.
• On average, slightly less than one-third of 2021 IT budgets in Q3 2021 were spent on phishing software/technology (similar to Q1 2021).
• Organizations adopted more defenses in Q3 2021; including increased employee awareness training, email security solutions, and phishing risk assessment tools and software/platforms.
• Compared to Q1 2021, Q3 phishing responsiveness significantly increased for employee awareness training, internal communications, and incident response team activation.
• Phishing remediation time went up slightly in Q3 2021 to 1.7 hours from 1.3 hours in Q1.
• Rapid reporting, increased user awareness, and reduced response time remain the top benefits of phishing defense software/technology in Q3 2021.

"Although phishing incidents have dropped, ransomware remains a major concern for organizations," said Matt Alderman, EVP, Foresight of CyberRisk Alliance. "Increased spending has improved responsiveness, but remediation times still lag, and financial impact has not decreased. I'd expect to see additional investment and technology innovation in this space, as the threat of ransomware will continue to wreak havoc on organizations."

The full research report is available for download here.

About CyberRisk Alliance
CyberRisk Alliance (CRA) is a business intelligence company serving the high growth, rapidly evolving cybersecurity community with a diversified portfolio of services that inform, educate, build community, and inspire an efficient marketplace. Our trusted information leverages a unique network of journalists, analysts and influencers, policymakers, and practitioners. CRA’s brands include SC Media, Security Weekly, ChannelE2E, MSSP Alert, InfoSec World, Cybersecurity Collaboration Forum, our research unit CRA Business Intelligence, the peer-to-peer CISO membership network, Cybersecurity Collaborative, and Identiverse. Click here to learn more.

About Cofense
Cofense®, the leading provider of intelligent phishing defense solutions, is uniting humanity against phishing. The Cofense suite of products combines timely attack intelligence on phishing threats that have evaded perimeter controls and were reported by employees, with best- in-class security operations technologies to stop attacks faster and stay ahead of breaches.

We're Here to Help

From news, analysis, and insight, to events, communities, custom content and marketing solutions, the CyberRisk Alliance portfolio provides support to the entire cybersecurity ecosystem. We'd love to help support your goals.