Important: Immediate attention is required!
That is an example of a heading for emails that are delivered daily to thousands of inboxes.
While they appear to be harmless, many of them contain dangerous messages. It gets worse if you can’t immediately verify the sender.
Simply put, it is a spear phishing campaign designed to obtain sensitive information from a company. The primary targets are important people within an organization or company.
Such emails contain information that forces you to open the attached files. After that, spyware, malware, or viruses are installed on your system in order to steal data.
That is why these spear phishing statistics are so important. You don’t want to expose your company to cybercriminals for something that could have been avoided.
Let’s get this ball rolling.
Shocking Statistics on Spear Phishing
Here are some interesting spear phishing highlights you should be aware of:
- 65% of cyberattacks against organizations are spear phishing.
- Over 42% of employees admit to opening malicious email attachments.
- Financial services are the most targeted industry, accounting for 27.6% of all attacks.
- A single of these attacks typically costs around $1.6 million.
- In 2022, 62.9% of organizations paid a ransom fee to recover compromised data.
More on this, later in the post.
General stats and facts about Spear Phishing
Spear phishing is a major security concern for businesses. Here are General stats and facts about spear phishing:
1. Over 40% of employees admit to opening malicious email attachments.
According to Proofpoint, 42% of employees do not follow their employers’ cybersecurity policies. They admit to taking risky actions in response to phishing emails.
Opening attachments, clicking links, and providing sensitive personal credentials are among the behaviors displayed. Worse, employees have reported downloading and installing malware from spear phishing emails.
2. Spear phishing emails account for 65% of cyber attacks against organizations.
According to statistics on spear phishing published on Symantec, it is one of the most common methods of compromising organizations. It is effective because it employs emotionally manipulative messages that persuade targets to act.
This also indicates a failure in the company’s security systems to block such emails. Eventually, the emails get past spam filters, and firewalls are powerless to stop the attacks.
And What are their Targets?
3. The financial sector is the target of 27.6% of attacks.
According to APWG statistics, financial services providers are the hardest hit, accounting for nearly a third of all attacks.
The complete industry breakdown is as follows:
- Financial Institutions accounted for 27.6% of the total.
- Webmail/SaaS – 19.1%
- 15.3% of people use social media.
- Other – 14.7%
- Payments are 6.3%.
- 5.6% eCommerce
- 4.5% for cryptocurrency
- 4.3% Logistics/Shipping
- 2.6% of telecommunications
Read More: How Snapchat Uses Your Location Data?
4. In 2022, nearly two-thirds of businesses paid ransomware to recover their data.
One of the most common ransomware attack vectors is spear phishing.
According to Statista, 71% of companies worldwide will be victims of data breaches in 2022. 62.9% of these targets paid a ransom to hackers.
And guess what? There is a steep price to be paid.
5. A single spear phishing attack costs an average of $1.6 million.
A source from Cloudmark has found that A spear-phishing attack costs approximately $1.6 million. However, companies in the United States paid $200,000 more on average than businesses in the rest of the world.
The costs of the attacks differ between spear phishing and generic phishing. Because the attacker targets individuals with ready access to funds or information, the former is typically more expensive for affected parties. With such attacks being so common and so many resources at stake, the consequences can be severe.
The statistics for spear phishing attacks on companies that pay a ransom are even more shocking!
Spear phishing attacks happened in 2022
6. In 2022, cyber attackers launched 255 million phishing attacks.
Slashnext data revealed a 61% increase in malicious emailing aimed at corporations. In 2022, there will be 255 million phishing attacks detected, according to the study.
Unprotected communication channels in organizations were frequently targeted by cybercriminals. Employee mobile devices were the primary targets, with security tools falling short.
The following companies will be the most affected in 2022:
- Uber
- Cloudflare
- Twilio
- Cisco
Of course, hackers are becoming more sophisticated!
7. In 2022, 76% of zero-hour attacks detected were spear phishing credential harvesting.
In 2022, Slashnext observed a 48% increase in zero-hour threats. It represents cyber attacks that have not yet been observed or reported.
Hackers use machine learning and automation to increase their chances of compromising targets. Furthermore, they are utilizing newer communication channels such as SMS, WhatsApp, and Slack to dupe victims.
Spear phishing credential harvesting was responsible for 76% of all zero-hour attacks. Scams accounted for 15% of the total, while ransomware, malware, and exploits accounted for only 1%.
8. These attacks spoofed nearly half of the top corporate executives.
According to Usecure’s spear phishing statistics, cybercriminals targeted 59% of organizations. Even with security systems in place, 42% of executives were victims.
This is not surprising given that high-level corporate employees receive such emails once a month. With zero-hour threats on the rise, such ruses are easy to fall for.
The success rate of spear phishing
So, how effective are spear phishing campaigns? The results are astounding!
9. Almost half of all phishing attempts succeed.
According to Ivanti’s most recent spear phishing statistics, the campaigns have a 47% success rate. This is surprising, given that the primary targets are IT personnel.
However, 34% of organizations acknowledge that such attacks are becoming more sophisticated. As a result, employees usually require more knowledge to deal with such malicious messages.
10. The open rate of spear phishing emails is 70%.
According to N-Able’s spear phishing emails have a 70% open rate. Furthermore, it is stated that approximately 50% of the recipients clicked on the links.
This dangerous action is ten times more dangerous than standard phishing. Furthermore, it explains why, despite the emergence of newer communication tools, emails remain the primary target.
Standard phishing
Spear phishing is similar to standard phishing. Unlike its sibling, however, its primary target is almost everyone within an organization.
Let’s look at how it works:
11. The financial sector is a common target for standard phishing.
Standard phishing targets follow a nearly identical pattern to spear phishing targets. According to Statista, such attacks will have the greatest impact on financial services in 2022.
In that order, SaaS/webmail, e-commerce/retail, and social media following. The following is a breakdown of the industry numbers:
- Financial Institutions accounted for 23.6% of the total.
- Webmail/SaaS – 20.5%
- 14.6% eCommerce
- Other – 13.4%
- 12.6% of people use social media.
- 6.6% for cryptocurrency
- 5% on payments
- 3.8% Logistics/Shipping
12. 90% of cyber attacks on organizations start with standard phishing emails.
According to Cisco, 90% of cyber attacks on organizations were phishing emails. This figure, as previously stated, is 35% higher than spear phishing, which targets specific high-ranking employees.
What’s the good news?
13. Standard phishing has lower click rates.
According to N-Able, The click-through rate for malicious email blasting is around 5%. This is significantly lower than the national average of 50%.
The best part?
14. Standard phishing incidents are less expensive.
According to Verizon’s analysis of standard phishing incidents, it is less expensive to mitigate breaches. Most businesses would pay an average of $178,000.
This is significantly less than the time required to resolve a spear phishing attack.
Conclusion
The statistics presented above should make you reconsider interacting with malicious messages. Finally, you’ll want to stay alert by being vigilant.
Make it a habit to double-check the source before opening any attachments. Check with colleagues who are familiar with cyber attacks if necessary.
You certainly don’t want to do anything that might jeopardize your job security. Above all, you’ll save your company from paying a fortune in ransom.
Frequently Asked Questions (FAQs)
It’s difficult to detect spear phishing because new exploits complicate detection. Machine learning is increasingly being used by cyber attackers to outwit security systems and target victims.
However, you can avoid such scams by taking certain precautions. For example, you should begin by double-checking a message’s source.
You should also take your time when clicking on links in emails. It’s the only way to keep malware, spyware, and viruses from infiltrating your system.
According to statistics, 65% of hackers use this method to infiltrate businesses. Because of its focus on high-level employees, it is a popular tool among cyber attackers.
Approximately 47% of attacks succeed. This is due to the use of emotional messages that persuade victims to act.
Hackers may also include attachments that, when clicked, install malicious software. This allows for the persistent theft of sensitive data.
According to statistics, 65% of attacks use this method to compromise businesses. It is common because it is easier to dupe targets into disclosing sensitive information.
Every year, cybercriminals launch over 255 million phishing campaigns aimed at senior executives. This roughly translates to 700,000 attacks per day.