Most European companies ‘unprepared for phishing attacks’

Most European companies ‘unprepared for phishing attacks’ [Image: MicroStockHub via iStock]

The majority of European companies are unprepared for phishing cyber attacks, according to a new report.

For its Phishing Response Trends Report, cyber defence firm Cofense commissioned a survey of IT executives in five countries – the UK, Germany, France, the Netherlands and Belgium – on their phishing response strategies and the challenges they face.

It found that 57 per cent of European companies believe they are unprepared for a phishing attack, despite 78 per cent of IT professionals having dealt with a security incident originating from a deceptive email.

Across all five European countries surveyed, Cofense found that security teams reported that they are struggling to manage their response to the number of suspicious emails being received.

It was also revealed that the US and Europe differ “in their appetite for automated email analysis to solve this problem”. Some 59 per cent of respondents in Europe had automated email analysis on their wish list, compared to just 33 per cent in the US.

According to the report authors, this could highlight the skills gap across Europe. They suggested that as organisations of all sizes struggle to find IT talent – particularly with cyber security skills – the need for an automated and integrated system to deal with suspicious emails may be felt more acutely in Europe.

The survey found that the top security concern for IT professionals is phishing and email-related threats. Meanwhile, 41 per cent of respondents say their biggest anti-phishing challenge is poorly integrated security systems.

Britain was found to be a particular target, reporting the most suspicious emails each week across Europe, with 23 per cent receiving more than 500.

Rohyt Belani, co-founder and CEO of Cofense, said: “Technology solutions alone have proved time and time again that they can only go so far to protect enterprises. It is not enough to lock down systems and force users into acting a certain way; instead, we need to build a human-driven phishing defence posture that leverages human instinct for detection and technology to scale response.”