Many companies would sack employees over phishing mistakes

Employees who repeatedly fall for real or simulated phishing attacks at work are in danger of getting sacked, a report from security firm Proofpoint reveals.

Based on a survey of 600 information security professionals, the report states that 27% of UK companies have admitted that a lack of cybersecurity awareness and resilience against phishing attacks could lead them to dismiss workers.

The reason companies are taking a hard stance on phishing is that it can lead to more serious compromises and lay the foundation for future ransomware attacks.

The research report also reveals that the number of organizations falling victim to double extortion has seen a sharp increase, with the volume of firms paying two rounds of ransom demands to hackers increasing to 1500% year-on-year (YoY).

Further, Proofpoint found that 67% of adults are unfamiliar with the concept of ransomware, with 36% defining the term incorrectly. Over 50% of employees were also found to have allowed friends and family to access their work-issued devices. 

“Threat actors worldwide are continuing to target people with agile, relevant, and sophisticated communications—most notably through the email channel, which remains the top threat vector,” said Alan LeFort, SVP and GM of Security Awareness Training at Proofpoint. 

“Ensuring users understand how to spot and report attempted cyberattacks is undeniably business-critical, especially as users continue to work remotely – often in a less secured environment. While many organizations say they are delivering security awareness training to their employees, our data shows most are not doing enough.”