
Protecting your business against phishing attacks: Key insights on today's threat landscape

Posted by Frank Horenberg on 7th April 2025


According to the UK Cyber Security Breaches Survey 2022, 39% of UK businesses reported being impacted by cyber threats, with phishing attacks accounting for a huge 83% of these incidents. Recent reports show malicious threats have only increased; the 2023 and 2024 Cyber Security Breaches Surveys again report phishing as the most prevalent type of attack.

Phishing attacks aren’t going away – they're growing smarter. So, what can organizations do to protect their people? 


Understanding the cyber threat landscape 

Phishing methods are advancing, as attackers adopt more sophisticated strategies capable of tricking even the most alert, trained employees. Often leveraging personalized messages sculpted with AI and sophisticated social engineering techniques, phishing attacks mimic legitimate organizations and produce messages that are often indistinguishable from genuine ones.

How much does a security breach cost? 

According to the security breaches survey, last year small businesses paid an average of £4,200 for cyber attacks, while medium and large organizations reported average losses reaching £19,400 per incident. While significant under-reporting is expected, breaches inflict enormous financial losses, disrupt business operations and damage reputations permanently.

Extending the lens: Cyber threats across Europe

Across Europe, there has been an increase in both the frequency and complexity of cyber-attacks in the last few years. The ENISA Threat Landscape 2023 reported a 150% increase in ransomware attacks over the past 12 months, while phishing continues to pose the greatest threat across multiple sectors.

Furthermore, small and medium-sized enterprises are particularly vulnerable, with over 60% reporting at least one cyber incident in the previous year. The impact for these smaller organizations is significant, as they often lack the resources required to recover quickly. Additionally, in Germany and France, targeted phishing campaigns often impact critical infrastructure, including energy and healthcare. 

Due to legislation such as the General Data Protection Regulation (GDPR), stakes are high for organizations across Europe. Non-compliance with data protection standards can result in data breaches, leading to significant fines reaching millions of Euros. Regulatory changes in the UK, EU and US highlight the need for robust cyber security measures that not only defend against attacks but also ensure compliance. 

The gap between awareness and defences on cyber risks  

While awareness of cyber risk is growing, many organizations remain underprepared. In a recent survey of over 400 IT leaders across the UK, USA and Europe, we found that only 24% admitted that they see their security investment as very well aligned with actual security risks.

According to the UK Cyber Security Breaches Survey, only 19% of UK businesses have a formal incident response plan in place. In Europe, this gap is just as evident. Research from ENISA suggests that fewer than 30% of European organizations have a comprehensive incident response strategy.

A multilayer defence should be in place to combat cyber threats, combining policies, technical measures and awareness training. Proactive measures such as implementing strong security protocols, educating employees, and establishing clear incident response protocols can significantly reduce or limit the risk of a cyber attack. Yet many businesses do not know where to start, or how to ensure that measures are effective and promise a positive return on investment in the technology they adopt.

From awareness towards resilience 

The call to action is clear. Organizations must prioritise a focus on cyber threats and foster a culture of awareness, preparedness, and continuous improvement. This requires the adoption of synergetic technologies to support uninterrupted business processes. This is especially true in the case of email phishing, which can no longer be detected by the human eye and is capable of bypassing the security boundaries of traditional email clients. Organizations must adopt tools that can block threats before they land in mailboxes, while mitigating human error and protecting sensitive communications.

The evolving cyber threat landscape demands action. Organizations should protect their data and reputation while building long-term resilience through targeted investments in advanced security solutions, thus closing readiness gaps. Our latest Email Security Trends Report 2025 explores how intuitive organizations are preparing for evolving risks. Read the research now.
