With nearly every organization experiencing some form of phishing attack, new data suggests these attacks are improving in sophistication, effectiveness, and impact.

At some point, there’s a saturation point where every organization comes to a realization about the reality of phishing attack. And according to the State of Email Security Report from email security vendor Mimecast, we’ve reached it.

In their report, Mimecast asked 1400 organizations about both what they’ve experienced and what they expect in the future around phishing attacks. And the results speak volumes:

  • Nearly every organization (96%) has been the target of an email-related phishing attempt in the past year
  • 79% of organizations have seen an increase in email volume
  • 75% of them are seeing an increase in email-based threats
  • 72% of them say the number of email-based threats had risen during the past 12 months
  • 52% feel cyberattacks are growing increasingly sophisticated

And these attacks are having a negative impact – for example, those organizations “hurt” as a result of a ransomware attack rose 23%, up to three-quarters in the last year – with 4 out of 10 organizations failing to recover the impacted data.

Mimecast shed some light on where the problem lies, with 95% of orgs citing insufficient funding, only 14% of IT budgets allocated to cyber resilience efforts, and only 23% providing Security Awareness Training on a “regular, ongoing basis.”

From the looks of things, cybercriminals are stepping up their game and organizations are falling behind. And with users not properly (read: continually) trained about the importance to remain vigilant against email-based cyberattacks matched with insufficient funding for cybersecurity initiatives, I’m afraid the trends spelled out by Mimecast are only going to continue.