In 2011, Dimensional Research and Check Point conducted a survey of IT professionals, titled The Risk Of Social Engineering On Information Security. The report provides some key insights into security professionals' concerns about social engineering risks and what they are doing about such threats.

The report was based on a global survey of 853 IT professionals conducted in the United States, United Kingdom, Canada, Australia, New Zealand, and Germany during July and August 2011. The goal of the survey was to gather data about the perceptions of social engineering attacks and their impact on businesses. Below are some of the findings:

The threat of social engineering is real:

  • 97% of security professionals and 86% of all IT professionals are aware of this security threat
  • 43% know they have been targeted by social engineering schemes
  • Only 16% were confident they had not been targeted by social engineering, while 41% were not aware if they had been attacked or not

 

Financial gain is the primary motivation for social engineering:

  • 51% of social engineering attacks are motivated by financial gain
  • 14% of social engineering attacks are motivated by revenge

 

Social engineering attacks are costly:

  • 48% of large companies and 32% of companies of all sizes have experienced 25 or more social engineering attacks in the past two years
  • 48% of all participants cite an average per incident cost of over $25,000
  • 30% of large companies cite a per incident cost of over $100,000

 

New employees are most susceptible to social engineering techniques:

  • New employees (60%), contractors (44%), and executive assistants (38%) are cited as being at high risk for social engineering techniques.

 

Lack of proactive training to prevent social engineering attacks:

  • Only 26% of respondents do ongoing training
  • 34% do not currently make any attempt to educate employees