Top Cyber Threats: Phishing Emails Deemed Most Dangerous Threat to UK Businesses - Hackers Don’t Even Make Top Five

Posted on March 16, 2018
  • 59% of UK businesses see links in email as the top threat.
  • Finance (£215m) and IT (£266m) departments see the most funding for GDPR investment.
  • Education sector (31%) rivals Technology and Telecoms industry (32%) in being ready for GDPR.
  • Healthcare (17%) the least likely to be ready for GDPR over any other sector. Retail (18%), Marketing (19%) and Legal (21%) sectors follow close behind. 


Theale (UK) 16th March, 2018 - Research from information security company Clearswift has shown that links within emails are perceived as posing the biggest cyber threat to UK businesses, with 59% of business decision makers highlighting this as a chief concern for businesses, far more than any other threat.

The research surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany, and Australia. When asked what the biggest threat to their organization was, respondents ranked phishing emails as the top threat in all four surveyed regions.

A lax attitude by employees to sharing passwords was ranked second on the list, with one-third (33%) of UK businesses listing this as one of the biggest threats. The once proud USB closely followed with 31% selecting USB/removable storage devices as a major threat. Worryingly, ahead of the GDPR deadline on May 25th, 30% felt that employees not following data protection policy could be one of the biggest threats to their organization.

Failure by firms to cut off ex-employees from the network was next on the list with more than one in four (28%) considering this a major threat.

Despite the media frenzy surrounding major hacks in 2017, hackers only ranked sixth on the list of biggest threats to a business with 25% of businesses flagging this as a major threat.

  • Links within emails
  • Employees sharing usernames/passwords
  • Introduction of viruses/malware via personal devices
  • Ex-employees retaining access to network
  • Users not following protocol/data protection policy
  • Removable storage devices/USBs
On whether firms currently have all of the necessary processes in place to be compliant, the top five performing sectors included technology and telecommunications (32%), education (31%), IT (29%), business services (29%) and finance (29%).

The survey also revealed that, of all the sectors, healthcare is the least likely to be ready for the upcoming GDPR, with only 17% of private and public sector bodies claiming to have the processes in place to comply with the legislation. Following closely behind is the retail sector, with a mere 18% of the industry ready for GDPR, then marketing at 19% and legal at 21%.

Overall, the research has shown that only a quarter (26%) of businesses are currently ready for General Data Protection Regulation (GDPR). However, with the deadline fast approaching, a further 44% are putting processes in place and expect to be ready in time for May next year, when the legislation comes into force.

Dr. Guy Bunker, SVP of Products at Clearswift, said: “With 64% of UK businesses currently making moves towards GDPR compliance, the outlook is not as bleak as previously thought.   

“It is clear that the regulation has grabbed the attention of businesses, but what is important is that their focus is in the right place. Those viewing GDPR as an opportunity will be in the best position to not only comply but evolve their organizations, enhance their security posture and achieve business growth.”

“Educating employees about how to safeguard critical information, introducing data protection guidelines and instilling a culture of data consciousness in the workplace will not only bring organizations closer to compliance but help reduce the chances of a data breach.”

Although the majority of businesses may not currently be ready for GDPR, employers have begun to identify the departments within their organizations where data protection is needed most. The most common departments to have budget allocated for spend on GDPR are finance and IT (31%). This is particularly relevant as most businesses believe their critical data predominantly lies in the finance department (55%), suggesting that finance will be under the spotlight in the coming months as organizations look at how they can prepare for GDPR.

When looking at the size of an organization, 46% of the businesses that reported they are ready for GDPR had between 500 and 999 employees. By comparison, among larger corporations of 5000 or more employees, only 19% reported they are ready, suggesting that bigger is not necessarily better. Smaller enterprises are leading the way over their larger counterparts in putting processes and technology in place ahead of May 2018.

While many organizations are expecting to be ready for GDPR, our research has shown that a typical company-wide IT project takes around six months to roll out, meaning those that aren’t ready now are running out of time to introduce new technology which could help them comply with the legislation.

Dr. Bunker added:

"The key focuses for GDPR compliance are educating employees and understanding where your data lies. However, organizations that are still looking at how they can prepare should focus on security solutions that can be integrated within existing infrastructures, such as Data Loss Prevention (DLP) tools and content inspection software, which are the biggest priorities in preventing data loss and can be used to demonstrate compliance with GDPR legislation. This can save time and costs by adding these to existing security investments instead of removing old technology and replacing it with completely new solutions."


Notes to editors:

This research was conducted by technology research firm, Vanson Bourne, on behalf of Clearswift. Over 600 business decision makers and 1,200 employees from the UK, US, Germany, and Australia were polled to map the attitudes of businesses and employees relating to cybersecurity.

Press Contact

MRB Public Relations

C8 Consulting
+44 118-334-0220

About Clearswift

Clearswift’s content-aware, policy-based solutions enable defense, government, healthcare and financial services organizations across the globe to manage and maintain no-compromise data, email, cloud and web security.
