Derelict Security: Most Firms Suffered Phishing Attacks Last Year

Email security may not always be top of mind for marketing teams struggling to drive revenue. But it can affect them — and the entire organization.

And the problem is not going away, judging by Email Security Risk Report 2024, a study fromEgress. 

Of the companies polled, 94% were victimized by phishing attacks within their Microsoft 365 environments in the last 12 months. That’s up from 92% in the previous year.

The damage from such attacks like those are as follows:  

Financial loss from customer churn — 47% 

Reputational damage — 42% 

Financial loss from regulatory penalties — 34%

Lengthy remediation — 22%

Legal repercussions, including litigation — 14%



The top three attack types were:

  • Malicious URLS 
  • Attacks sent from compromised trusted third-party accounts
  • Malware or ransomware 

The reason for the breaches? 

  • Reckless behavior to "get the job done"
  • Human error  
  • Malicious exfiltration 

And while 76% enforce internal information barriers, 51% have had them breached. Meanwhile, 51% have fallen victim to phishing attacks sent from compromised supply chain accounts. 

Among cybersecurity leaders, 95% are stressed about email security, with these issues keeping them awake at night: 

  • Deepfakes — 63%
  • AI chatbots — 61%

Of the victims, 58% suffered an account takeover. 

Moreover, they have concerns about their traditional technology: 

  • Secure email gateway — 91%
  • Microsoft — 88% 
  • Static data-loss prevention rules — 90%

Among the respondents, 91% are concerned about the effectiveness of their training.  

Egress surveyed 500 cybersecurity leaders, including CISOs and CIOs from the U.S., the U.K. and Australia, all of whom used Microsoft 365.  

Next story loading loading..