Proofpoint Study Demonstrates Impact of Email Scam on Companies


Proofpoint has circulated the results of a recent study probing the impact of electronic mail scam on companies. The study discloses the level to which companies are affected by electronic mail scam, the usual impact of electronic mail scam on companies, which people are targeted, and the measures that are being taken to decrease risk.

In recent years, there has been an upsurge in electronic mail scam with last year seeing a further increase in attacks. The report discloses the proportion of businesses targeted with at least one electronic mail scam attack increased to 88.8% in Q4, 2017.

The Proofpoint study was carried out on businesses in the UK, USA, France, Australia, and Germany. France had the highest proportion of businesses that had been attacked at least once, with the USA having the highest proportion of companies that had experienced several electronic mail scam attempts. In the US. 84% of businesses had experienced one or more electronic mail scam attempts in the past 12 months.

A third of attacks involved a wire transfer and about half involved data loss. In the US, 40% of cases led to responsible people being dismissed.

The most common divisions targeted by electronic mail scam across all countries was the finance team (55%), next accounts payable (43%), the C-Suite (37%), and the general staff (33%).

The severity of the threat and consequences after an attack have seen electronic mail scam become a main worry for the board and executive teams. 91% of surveyed U.S companies considered electronic mail scam to be a board-level problem.

Although the impact of electronic mail scam on companies is often severe and electronic mail scam attacks have risen in recent years, many companies have done little to cope with the danger. Survey-wide, less than half of businesses had used technology to defend against electronic mail scam.

The most common methods used to cope with the danger were safety consciousness teaching (62%), electronic mail verification (46%), and cyber insurance (23%). 62% of respondents stated they don’t have controls in place to halt wire transfer scam, 56% said they have no user-access levels in place for methods used to process private data, and 55% have not applied end-to-end encryption for electronic mail.

The key difficulties that are avoiding increased protections against electronic mail scam and the implementation of technologies, procedures, and policies to decrease the impact of electronic mail scam on companies are:

  • A lack of technical knowledge – 41%
  • Budget limitations – 36%
  • The technical difficulty of the electronic mail system – 32%
  • Lack of understanding of the problem – 32%
  • Lack of executive support for the project –  30%