
PHISHING RESPONSE TRENDS
Europe

OVERVIEW

Companies in Europe and around the world are ramping up to fight phishing. No wonder. Last year,
there were over 1.2 million phishing attacks globally, a 65% annual increase [1]. So, is Europe
winning the war against email-related threats?
The findings of this report strongly suggest not. Most businesses in the countries we surveyed—the UK,
Germany, France, the Netherlands and Belgium—are barely holding ground or flat out losing.
They’re flooded with suspicious emails targeting employees, but are ill-prepared to manage and
respond to those threats. In fact, most companies think they have insufficient anti-phishing expertise
and rate their incident response process as weak.
Headlines throughout Europe echo these alarms. According to a major study, UK companies are the
world’s most frequent business targets of phishing [2]. Also, hackers targeted senior engineers at Irish
energy networks and, while networks weren’t disrupted, the attackers may have stolen passwords
and other sensitive information [3]. Through a similar spear phishing attack, hackers infiltrated the
network of a German steel mill and inflicted “massive” physical damage [4]. Outside the business arena,
Russia-linked hackers attempted, with mixed success, to compromise the systems of pro-EU French
presidential candidate Jean Macron [5].

Notable Findings of This Report

78%: Surveyed IT executives have dealt with a security incident originating with a deceptive email
41%: Say their biggest anti-phishing challenge is poorly integrated security systems
57%: Say their phishing response ranges from “not effective” to only “somewhat effective”
#1: Security concern is phishing and related threats

In other words, despite all their investments in technology, almost 80% of European companies surveyed
for this study have experienced a phishing-related incident. With nearly 6 in 10 companies believing they
have insufficient defences, there’s a gap between “We’re worried” and “We’re well prepared.”
Read on to learn about the implications of our phishing response data and what organisations can do
to improve their anti-phishing security.

European Phishing Response Trends 2017 | 1


SURVEY METHODOLOGY Phishing Response Data
Senior Decision-Makers
Research consultant Censuswide surveyed select European IT executives on phishing response
strategies. Five hundred executives participated, largely senior decision-makers who work across
security operations centres (SOCs) and incident response or threat analysis teams.

Numerous Industries
The surveyed companies represent firms in a wide variety of industries: business services, high tech,
manufacturing, healthcare, financial, retail trade, wholesale trade, transportation, consumer services,
telecom and general. One hundred percent of respondents participated voluntarily; none were engaged
using telemarketing.
78% have dealt with a security incident originating with a deceptive email, with nearly half
experiencing an incident more than once.
Global spending for information security products was an estimated $81.6 billion in 2016 [6]. But no
matter how good your perimeter defences are, malicious emails will get through. Our survey shows that
45% of companies have faced an email-related security incident more than once, with almost 1/3 having
handled single incidents.

Figure 1: Has your organisation ever experienced a security incident that originated with a
deceptive email?
Yes, on more than one occasion: 45%
Yes, on one occasion: 32%
No, never: 21%
Not sure: 2%

1 in 5 respondents see more than 500 suspicious emails weekly.
Among all those suspicious emails companies receive each week, something is often missed by filtering
technologies. The result? Potentially, a costly security breach.
With the average office worker receiving 122 emails each day [7], it’s no surprise that phishing is the
top attack vector in data breaches [8]. Now imagine being on a small team of incident responders
receiving every forwarded employee email, some truly suspicious, some just spam. Given limited staff
and time, how do you sort through hundreds or even thousands of emails to find the real threats?
Automated phishing response platforms are your best bet. They identify and rank threats by severity,
allowing responders to do their jobs more efficiently.

Figure 2: How many suspicious emails are reported in your organisation each week?
Unsure: 2%
Other response options shown: 501-1000, Up to 50, 101-500, 51-100
Percentages shown: 18%, 20%, 28%, 32%


Manual reporting and analysis delay detection and response.
Whether it’s managing emails from 100 employees or 10,000, security and helpdesk teams can be
overwhelmed with suspicious email reports. Sifting through emails—spam and potential attacks alike—is
a boring and thankless task for IT professionals who’d rather hunt spear phishing and ransomware.
On top of that, helpdesk teams are often spread thin and lack the right phishing detection training and
skills. Many may fail to identify and escalate threats or establish protective measures such as blocking
access to known malicious sites at the perimeter. It’s a “lose-lose” when reported threats go unnoticed
and invite disastrous breaches. The global median time from compromise to discovery is 99 days [9]—
giving phishers ample time to wreak havoc.

Figure 3: How do users report suspicious emails in your organisation?
Inbox where users can manually submit the suspicious email: 65%
An add-in feature/button within the email client: 46%
By contacting the helpdesk: 49%
We do not currently have a standard process: 1%

Nearly all respondents have layers of security in place.
In fact, while the combinations may differ, many companies have more than four security solutions in
place to combat email and phishing threats. They often rely on technology alone, with two-thirds
utilising anti-malware solutions and roughly the same percentage using email gateway filtering.
Ultimately, the answer is better solutions that (a) leverage broader teams to identify phishing and
(b) automate and orchestrate response. By reducing noise in the reporting inbox (if they have one),
companies can free responders to focus on real threats.

Figure 4: What type(s) of security solutions does your organisation use or plan to use?
Computer-based training: 94%
Sandboxes: 82%
Email gateway filtering: 98%
URL analysis solutions: 96%
Security information and event management tool: 93%
Anti-malware solution: 97%
Advanced threat solution: 93%
External threat intelligence: 84%
* Multiple responses allowed.


Email-related threats are the biggest security worries.
70 million euros. That’s how much Belgian bank Crelan lost in a phishing-induced breach. The tactic was
CEO fraud, a kind of business email compromise (BEC) that targets C-level executives. After
compromising the email account of a top executive (or convincingly impersonating his/her emails) the
attackers sent a message to Finance ordering disbursement of funds. Such orders usually come with
reasons why they must be carried out right away and kept under wraps. Though law enforcement agencies
have warned businesses about BEC scams, untrained employees still fall for them [10].
With even the most tech-savvy companies—think Google and Facebook—losing millions in phishing scams,
everyone should be keeping a close eye on their inboxes.

Figure 5: Which of the following security threats concerns you most?
Phishing and spear phishing: 76%
Whaling and CEO Fraud: 55%
Smishing (deceptive SMS): 25%
USB malware: 36%
Vishing (social engineering phone calls): 20%
None of the above: 1%

Technology alone won’t solve the problem.
More than 40% of respondents cite systems integration as their top anti-phishing challenge, a close
second to numerous false alerts. This underscores that technology alone isn’t the answer to phishing.
A human-focused approach—conditioning employees to recognise and report possible phishing—fills in gaps
between layers of tech defence. Employees feed valuable intelligence to machines for rapid analysis,
which in turn helps incident responders spot real threats faster.

Figure 6: What challenges do you have related to managing phishing attempts?
Multiple layers of security solutions that are not integrated: 41%
Too many false alerts: 45%
Difficulty categorising threats: 40%
Inability to analyse threats data: 29%
Inefficient response process: 28%
Don’t know how to prioritise threats: 23%
Lack of technical resources: 16%
Lack of training for users: 24%
* Multiple responses allowed.

57% say their phishing response ranges from ineffective to mediocre.
In other words, over half of organisations aren’t feeling too secure. With scattered technology,
processes and limited resources, it’s not a shock.
Phishing response can be tough. It’s not like the attacks are aimed at network resources—they target
the receptionist, the CEO, the admins, you name it. Too often, technology fails at the top of the
phishing-detection funnel, so response is inconsistent, depending on the situation.

Figure 7: How effective do you think your current phishing response process is?
Not effective: 1%
Somewhat effective: 56%
Very effective: 43%


But with the right systems, software and education, companies can breathe easier. At Cofense, we’ve seen
organisational susceptibility to phishing emails drop 20% in just a few weeks, after only one failed
simulated attack, along with better overall employee engagement.

91% plan to upgrade their phishing prevention and response over the next year.
In Q4 2016 alone, the world saw over 1.2 million phishing attacks [11]. As phishing emails become more
sophisticated and dangerous, businesses know they need to keep defences up to date. Most aren’t
waiting, with plans to make upgrades within 12 months.

Figure 8: When do you expect to update or augment your phishing prevention and response processes?
Within 3 months: 29%
4 to 6 months: 42%
7 to 12 months: 20%
Over 12 months: 6%
We don’t expect to update or augment our phishing prevention or response processes: 3%

Automated analysis: #1 on the wish list of anti-phishing solutions.
Manually analysing emails is difficult and time-intensive. Although companies have a choice of various
analysis tools, they usually don’t work in concert, complicating the responder’s job—while malware may
be spreading throughout the organisation. More than half of respondents see automation as the best way
to eliminate manual tasks and maximise finite resources.

Figure 9: What do you wish you could do better regarding phishing attempts?
Automate analysis of suspicious emails: 59%
Make it easier for users to report phishing attempts: 48%
Cluster similar phishing attempts: 40%
Manage the volume of reports: 39%
Integrate our existing security technologies: 33%
Bolster our systems to prevent future attacks: 32%
Analyse data to prevent future breaches: 19%
* Multiple responses allowed.

The Missing Link


Investments in anti-phishing technology alone aren’t doing the job. Phishing threats of all types continually
reach employees, so companies need to view them as their last line of defence.
Popular technologies, like email gateway filtering and anti-malware solutions, work—but only up to a point.
Trained, vigilant employees are often better at detecting threats like BEC attacks. Human-reported intelligence
is invaluable to incident responders, who in turn can use automation to analyse and react.
Are all employees going to “get it” every time? Probably not. But that’s not necessary if the rest of the
organisation is trained to recognise and report phishing.



Large Multinational Manufacturer Fights Phishing with Cofense
Recognising its employees were vulnerable to phishing attacks, a multinational manufacturer of imaging
and optical products decided to act. The company implemented Cofense PhishMe™ and Cofense
Reporter™, so employees could identify and report suspicious emails. Since then, the company’s ability to
reduce phishing has improved vastly.
Moreover, this business has found the Cofense technical support team to be accessible and responsive.
“They give results in a couple of hours and they’re very nice people—all of them.”
The manufacturer’s Information Security Manager says he’d have no qualms about recommending Cofense
to his peers. When anyone asks him how to deal with phishing, his answer is simple: “Buy Cofense.” [12]


HOW EUROPE’S PHISHING RESPONSE COMPARES TO THE US
Cofense has also produced a report on phishing response trends in the US. Here’s how key results in
Europe stack up:

More European companies say they’re unprepared for phishing.
Europe: 57% | US: 43%

Yet more in Europe have dealt with security incidents sparked by deceptive emails.
Europe: 78% | US: 66%

Like US counterparts, most European companies delay response with manual phishing reporting or no
reporting at all.
Europe: 65% | US: 75%

Most European companies plan to upgrade their phishing defence within the next year.
Europe: 91% | US: 80%

In Europe, automated email analysis is the most wished-for anti-phishing solution.
Europe: 59% | US: 33%


ABOUT Cofense
Phishing emails will continue to evade your layers of defence and reach your end users. Turning employees
into your last line of defence is the best way to fortify your entire organisation. The key: conditioning employees
to recognise and report malicious emails so incident response teams can research and respond faster.
Cofense focuses on engaging the human–your last line of defence after a phish bypasses other technology—
and enabling incident response teams to quickly analyse and respond to targeted phishing attacks.

Learn more about Cofense solutions at www.cofense.com

CITATIONS
1. Anti-Phishing Working Group (APWG), “Phishing Activities Trends Report,” 2017.
2. IT Pro, “UK Businesses under Attack from Phishing Scams,” 2016.
3. The Independent, “Hackers Target Irish Energy Networks Amid Fears of Further Cyber-Attacks on UK’s Crucial
Infrastructure,” 2017.
4. Wired, “A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever,” 2015.
5. CNBC, “French Presidential Frontrunner’s Campaign Hit by Phishing Attempts from Russia-Linked Hackers,” 2016.
6. Information Week, “Global IT Security Spending Will Top $81 Billion in 2016,” 2016.
7. The Radicati Group, Inc., “Email Statistics Report, 2015-2019,” 2015.
8. Verizon, “2017 Data Breach Investigations Report 10th edition,” 2017.
9. Mandiant, “M-Trends 2017: A View from the Front Lines,” 2017.
10. HelpNet Security, “Belgian Bank Crelan Loses €70 Million to BEC Scammers,” 2016.
11. Cisco Continuum News, 2017.
12. Cofense, “Multinational Imaging and Optical Manufacturer Reduces Global Phishing Exposure with Cofense,” 2017.



APPENDIX I : United Kingdom

Has your organisation ever experienced a security incident that originated with a deceptive email?
Yes, on more than one occasion: 45%
Yes, on one occasion: 32%
No, never: 21%
Not sure: 2%

How many suspicious emails are reported in your organisation each week?
Unsure: 2%
Other response options shown: 501-1000, Up to 50, 101-500, 51-100
Percentages shown: 18%, 20%, 28%, 32%

How do users report suspicious emails in your organisation?
Inbox where users can manually submit the suspicious email: 65%
An add-in feature/button within the email client: 46%
By contacting the helpdesk: 49%
We do not currently have a standard process: 1%
* Multiple responses allowed.

What type(s) of security solutions does your organisation use or plan to use?
Computer-based training: 94%
Sandboxes: 82%
Email gateway filtering: 98%
URL analysis solutions: 96%
Security information and event management tool: 93%
Anti-malware solution: 97%
Advanced threat solution: 93%
External threat intelligence: 84%
* Multiple responses allowed.

Which of the following security threats concerns you most?
Phishing and spear phishing: 76%
Whaling and CEO Fraud: 55%
Smishing (deceptive SMS): 25%
USB malware: 36%
Vishing (social engineering phone calls): 20%
None of the above: 1%
* Multiple responses allowed.

What challenges do you have related to managing phishing attempts?
Multiple layers of security solutions that are not integrated: 41%
Too many false alerts: 45%
Difficulty categorising threats: 40%
Inability to analyse threats data: 29%
Inefficient response process: 28%
Don’t know how to prioritise threats: 23%
Lack of technical resources: 16%
Lack of training for users: 24%
* Multiple responses allowed.

How effective do you think your current phishing response process is?
Not effective: 1%
Somewhat effective: 56%
Very effective: 43%

When do you expect to update or augment your phishing prevention and response processes?
Within 3 months: 29%
4 to 6 months: 42%
7 to 12 months: 20%
Over 12 months: 6%
We don’t expect to update or augment our phishing prevention or response processes: 3%

What do you wish you could do better regarding phishing attempts?
Automate analysis of suspicious emails: 59%
Make it easier for users to report phishing attempts: 48%
Cluster similar phishing attempts: 40%
Manage the volume of reports: 39%
Integrate our existing security technologies: 33%
Bolster our systems to prevent future attacks: 32%
Analyse data to prevent future breaches: 19%


APPENDIX II : Germany

Has your organisation ever experienced a security incident that originated with a deceptive email?
Not sure: 3%
Other response options shown: No, never; Yes, on one occasion; Yes, on more than one occasion
Percentages shown: 23%, 39%, 35%

How many suspicious emails are reported in your organisation each week?
Unsure: 2%
Other response options shown: 501-1000, Up to 50, 101-500, 51-100
Percentages shown: 16%, 18%, 27%, 37%

How do users report suspicious emails in your organisation?
Inbox where users can manually submit the suspicious email: 66%
An add-in feature/button within the email client: 52%
By contacting the helpdesk: 51%
We do not currently have a standard process: 2%
* Multiple responses allowed.

What type(s) of security solutions does your organisation use or plan to use?
Computer-based training: 92%
Sandboxes: 81%
Email gateway filtering: 98%
URL analysis solutions: 96%
Security information and event management tool: 92%
Anti-malware solution: 96%
Advanced threat solution: 93%
External threat intelligence: 82%
* Multiple responses allowed.

Which of the following security threats concerns you most?
Phishing and spear phishing: 79%
Whaling and CEO Fraud: 53%
Smishing (deceptive SMS): 28%
USB malware: 24%
Vishing (social engineering phone calls): 14%
None of the above: 2%
* Multiple responses allowed.

What challenges do you have related to managing phishing attempts?
Multiple layers of security solutions that are not integrated: 44%
Too many false alerts: 46%
Difficulty categorising threats: 42%
Inability to analyse threats data: 30%
Inefficient response process: 30%
Don’t know how to prioritise threats: 22%
Lack of technical resources: 14%
Lack of training for users: 19%
* Multiple responses allowed.

How effective do you think your current phishing response process is?
Response options shown: Somewhat effective, Very effective
Percentages shown: 37%, 63%

When do you expect to update or augment your phishing prevention and response processes?
Within 3 months: 34%
4 to 6 months: 41%
7 to 12 months: 16%
Over 12 months: 5%
We don’t expect to update or augment our phishing prevention or response processes: 4%

What do you wish you could do better regarding phishing attempts?
Automate analysis of suspicious emails: 60%
Make it easier for users to report phishing attempts: 45%
Cluster similar phishing attempts: 48%
Manage the volume of reports: 43%
Integrate our existing security technologies: 35%
Bolster our systems to prevent future attacks: 26%
Analyse data to prevent future breaches: 14%
* Multiple responses allowed.


APPENDIX III : France

Has your organisation ever experienced a security incident that originated with a deceptive email?
Not sure: 2%
Other response options shown: No, never; Yes, on one occasion; Yes, on more than one occasion
Percentages shown: 18%, 41%, 39%

How many suspicious emails are reported in your organisation each week?
More than 1000: 6%
Other response options shown: 501-1000, Up to 50, 101-500, 51-100
Percentages shown: 19%, 20%, 25%, 30%

How do users report suspicious emails in your organisation?
Inbox where users can manually submit the suspicious email: 69%
An add-in feature/button within the email client: 53%
By contacting the helpdesk: 33%
We do not currently have a standard process: 2%
* Multiple responses allowed.

What type(s) of security solutions does your organisation use or plan to use?
Computer-based training: 100%
Sandboxes: 92%
Email gateway filtering: 100%
URL analysis solutions: 100%
Security information and event management tool: 97%
Anti-malware solution: 98%
Advanced threat solution: 93%
External threat intelligence: 83%
* Multiple responses allowed.

Which of the following security threats concerns you most?
Phishing and spear phishing: 81%
Whaling and CEO Fraud: 45%
Smishing (deceptive SMS): 25%
USB malware: 43%
Vishing (social engineering phone calls): 26%
* Multiple responses allowed.

What challenges do you have related to managing phishing attempts?
Multiple layers of security solutions that are not integrated: 29%
Too many false alerts: 53%
Difficulty categorising threats: 41%
Inability to analyse threats data: 30%
Inefficient response process: 22%
Don’t know how to prioritise threats: 26%
Lack of technical resources: 12%
Lack of training for users: 23%
* Multiple responses allowed.

How effective do you think your current phishing response process is?
Not effective: 2%
Other response options shown: Somewhat effective, Very effective
Percentages shown: 48%, 50%

When do you expect to update or augment your phishing prevention and response processes?
Within 3 months: 34%
4 to 6 months: 39%
7 to 12 months: 23%
Over 12 months: 4%

What do you wish you could do better regarding phishing attempts?
Automate analysis of suspicious emails: 56%
Make it easier for users to report phishing attempts: 49%
Cluster similar phishing attempts: 35%
Manage the volume of reports: 48%
Integrate our existing security technologies: 33%
Bolster our systems to prevent future attacks: 28%
Analyse data to prevent future breaches: 16%
* Multiple responses allowed.


APPENDIX IV : Belgium

Has your organisation ever experienced a security incident that originated with a deceptive email?
Response options shown: No, never; Yes, on one occasion; Yes, on more than one occasion
Percentages shown: 8%, 39%, 53%

How many suspicious emails are reported in your organisation each week?
Response options shown: Up to 50, 501-1000, 101-500, 51-100
Percentages shown: 6%, 16%, 41%, 37%

How do users report suspicious emails in your organisation?
Inbox where users can manually submit the suspicious email: 57%
An add-in feature/button within the email client: 29%
By contacting the helpdesk: 65%
* Multiple responses allowed.

What type(s) of security solutions does your organisation use or plan to use?
Computer-based training: 53%
Sandboxes: 41%
Email gateway filtering: 26%
URL analysis solutions: 16%
Security information and event management tool: 14%
Anti-malware solution: 12%
Advanced threat solution: 6%
External threat intelligence: 28%
* Multiple responses allowed.

Which of the following security threats concerns you most?
Phishing and spear phishing: 82%
Whaling and CEO Fraud: 78%
Smishing (deceptive SMS): 8%
USB malware: 63%
Vishing (social engineering phone calls): 14%
* Multiple responses allowed.

What challenges do you have related to managing phishing attempts?
Multiple layers of security solutions that are not integrated: 33%
Too many false alerts: 45%
Difficulty categorising threats: 35%
Inability to analyse threats data: 26%
Inefficient response process: 35%
Don’t know how to prioritise threats: 31%
Lack of technical resources: 6%
Lack of training for users: 37%
* Multiple responses allowed.

How effective do you think your current phishing response process is?
Not effective: 2%
Other response options shown: Somewhat effective, Very effective
Percentages shown: 18%, 80%

When do you expect to update or augment your phishing prevention and response processes?
4 to 6 months: 43%
7 to 12 months: 16%
Other response options shown: Over 12 months, Within 3 months
Percentages shown: 15%, 26%

What do you wish you could do better regarding phishing attempts?
Automate analysis of suspicious emails: 75%
Make it easier for users to report phishing attempts: 47%
Cluster similar phishing attempts: 35%
Manage the volume of reports: 41%
Integrate our existing security technologies: 31%
Bolster our systems to prevent future attacks: 43%
Analyse data to prevent future breaches: 24%
* Multiple responses allowed.


APPENDIX V : The Netherlands

Has your organisation ever experienced a security incident that originated with a deceptive email?
Yes, on more than one occasion: 28%
Yes, on one occasion: 40%
No, never: 28%
Not sure: 4%

How many suspicious emails are reported in your organisation each week?
More than 1000: 6%
Other response options shown: 501-1000, Up to 50, 101-500, 51-100
Percentages shown: 22%, 22%, 30%, 20%

How do users report suspicious emails in your organisation?
Inbox where users can manually submit the suspicious email: 64%
An add-in feature/button within the email client: 48%
By contacting the helpdesk: 50%
We do not currently have a standard process: 2%
* Multiple responses allowed.

What type(s) of security solutions does your organisation use or plan to use?
Computer-based training: 64%
Sandboxes: 44%
Email gateway filtering: 18%
URL analysis solutions: 40%
Security information and event management tool: 40%
Anti-malware solution: 72%
Advanced threat solution: 50%
External threat intelligence: 48%
* Multiple responses allowed.

Which of the following security threats concerns you most?
Phishing and spear phishing: 64%
Whaling and CEO Fraud: 58%
Smishing (deceptive SMS): 22%
USB malware: 20%
Vishing (social engineering phone calls): 22%
None of the above: 2%
* Multiple responses allowed.

What challenges do you have related to managing phishing attempts?
Multiple layers of security solutions that are not integrated: 56%
Too many false alerts: 32%
Difficulty categorising threats: 40%
Inability to analyse threats data: 28%
Inefficient response process: 14%
Don’t know how to prioritise threats: 16%
Lack of technical resources: 20%
Lack of training for users: 18%
* Multiple responses allowed.

How effective do you think your current phishing response process is?
Response options shown: Somewhat effective, Very effective
Percentages shown: 56%, 44%

When do you expect to update or augment your phishing prevention and response processes?
Within 3 months: 20%
4 to 6 months: 48%
7 to 12 months: 24%
Over 12 months: 4%
We don’t expect to update or augment our phishing prevention or response processes: 4%

What do you wish you could do better regarding phishing attempts?
Automate analysis of suspicious emails: 52%
Make it easier for users to report phishing attempts: 44%
Cluster similar phishing attempts: 32%
Manage the volume of reports: 26%
Integrate our existing security technologies: 30%
Bolster our systems to prevent future attacks: 32%
Analyse data to prevent future breaches: 14%
* Multiple responses allowed.
