54% of phishing attacks end in a data breach

Analysis from Atlas VPN of Proofpoint’s 2022 State of the Phish report shows that 54% of successful phishing attacks end in a data breach.

In addition:

  • 48% of attacks led to the compromise of consumer or business credentials and accounts
  • 46% led to ransomware infections, which can themselves cause significant data loss or a breach
  • 44% led to the direct loss of data and intellectual property
  • 27% led to other, non-ransomware, malware infections

According to the report, 83% of organisations reported falling victim to a successful phishing attack in 2021.

These numbers are significant and highlight the potential risks to data security and integrity that businesses and consumers face daily.

Presenting Atlas VPN’s analysis, one of the company’s cybersecurity writers and researchers, Ruta Cizinauskaite, said: “Social engineering attacks like phishing heavily rely on human factors, such as an employee clicking a malicious link in order to be successful. Therefore, the most effective way to safeguard against such attacks is to invest in employee training where employees are educated in recognizing cyberattack attempts and how to act when they do.”

While businesses were the focus of this report, the most significant data breach risks consumers face often come from their data being stolen when organisations fall victim to attacks.

Organisations face a variety of cyberattacks

Another notable finding from Proofpoint’s report was the range of attacks businesses face.

  • 86% of businesses said they were hit by attempted bulk phishing attacks in 2021. Bulk phishing sees cybercriminals send phishing emails to several people within a company, hoping that at least one of them will fall for it.
  • 79% said they had seen attempted spear-phishing or whaling attacks. Spear-phishing involves using a target’s personal information to enhance the apparent legitimacy of the message. Whaling is the targeting of a high-profile individual, often the company CEO or another notable employee.
  • 78% reported seeing email-based ransomware attacks.

Despite being common, phishing attacks don’t often lead to penalties

While more than half of phishing attacks lead to a data breach, only 11% eventually end with a regulatory penalty or fine.

Although this is a global number, this finding may raise questions about whether regulatory frameworks are tough enough. At the same time, it may be that the data breaches that follow a phishing attack are relatively low-level and don’t hit the thresholds at which data protection regulators would look to investigate and potentially begin handing out penalties.

If your data is put at risk, you may be entitled to compensation

While cybercriminals are ultimately responsible for cybercrime, organisations and their employees have a part to play in keeping your data safe. After all, the nature of phishing attacks and the necessity of someone clicking on an email link means these events and their outcomes are 100% avoidable with diligence.

If a business or another organisation falls victim to phishing or any other type of cyberattack, and your data is subsequently at risk, you may be entitled to compensation.

Contact us for a free, no-obligation review of your potential data breach claim.

