IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

84% of organizations experienced phishing or ransomware attacks in the last year

New research finds half of US firms are not effective in countering cyber threats

A new report from Trend Micro has found that 84% of US organizations have reported phishing or ransomware security incidents in the last 12 months.

The findings come from an Osterman Research study commissioned by Trend Micro that was compiled from interviews with cyber security professionals in midsize and large organizations nationwide. The research also found that half of US organizations are not effective at countering phishing and ransomware threats.

The report further split the threat landscape into 17 types of security incidents and found 84% of respondents had experienced at least one of them, highlighting the prevalence of phishing and ransomware. Most common were successful business email compromise (BEC) attacks (53%), phishing messages resulting in malware infections (49%), and account compromise (47%).

Of 17 types of threats, 37% of organizations believed they were highly effective at counteracting 11 or more of the phishing and ransomware threats. This increased to 63% of organizations who believed they were highly effective at countering 10 or fewer of the threats.

Only 16% of organizations reported no security incident types related to phishing and ransomware in the past 12 months. In other words, it is a widespread problem for most organizations.

The report found that 72% of organizations consider themselves ineffective at preventing home infrastructure from being a conduit for attacks on corporate networks. 

Related Resource

The secure cloud configuration imperative

The central role of cloud security posture management

The secure cloud configuration imperativeFree download

Survey respondents indicated high concern levels with several ransomware-related threats. Researchers said respondents were more concerned with a ransomware attack happening than their ability to clean up after a ransomware attack. 

Not being able to prevent an attack is, on average, a high concern to 55% of respondents. The post-attack concerns, such as brand reputation impacts and the ability to recover corporate data are high concerns to 48% of respondents.

Artificial intelligence (AI) and machine learning (ML) security technologies offer the prospect of greater capabilities to detect, triage, and mitigate security threats and to prioritize high-impact incidents for security analyst investigation. 

The research found that respondents reported a mismatch between current and preferred patterns of AI/ML usage — respondents wanted much more use of AI/ML than currently deployed. Around 77% of respondents said AI/ML is currently used to some extent or less, with the “to some extent” making up almost half.

Another 92% of respondents would prefer that AI/ML was used to some extent or more. Of the total, 47% wanted AI/ML used often or continually, but only 14% say this currently the situation.

"Phishing and ransomware were already critical enterprise security risks even before the pandemic hit and, as this report shows, the advent of mass remote working has increased the pressure of these threats," said Joy Clay, vice president of threat intelligence for Trend Micro. "Organizations need multi-layered defenses in place to mitigate these risks.”

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT
ransomware

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT

13 Apr 2022
Sabbath hackers are targeting US schools and hospitals
ransomware

Sabbath hackers are targeting US schools and hospitals

29 Nov 2021
Education and government most at risk from email threats
phishing

Education and government most at risk from email threats

26 Nov 2021

Most Popular

Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022