The most common security issue for businesses probably isn't that big a surprise

(Image credit: © A. Stefanovska))

Cybersecurity researchers from ESET discovered that phishing has been the biggest incident type for companies of all shapes and sizes over the past four years.

Of all the incidents reported to the ICO's Data security incident trends report, phishing was by far the most-reported, with almost 2,700 incidents (2,694), roughly twice as many as second-placed unauthorized access. 

With just above 1,000 incidents, ransomware (opens in new tab) was the third most reported incident type, followed by verbal disclosure of personal data, and hardware/software misconfiguration.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab)

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.

Media hit hardest

In these past couple of years, the number of reported cybersecurity incidents soared, from 573 reports in Q1 2019, to 714 in Q2 2022. Most incidents reported - 737 - occurred in Q2 2020, which ESET speculates might have been due to Covid-19 restrictions forcing people to work remotely.

All sectors have been hit with cyberattacks, but the media industry seems to have had it worst. It had a relatively low number of data security incidents overall, ESET says, but it also had the highest share of cyber incidents. 

Retail and Manufacture had the highest number of cyber incidents overall at 943, followed by General Business (858) and Finance, Insurance and Credit (788).  

Analyzing cyber-incidents overall, ‘Data emailed to incorrect recipient’ is the most common one (3,719 since Q1 of 2019/20), followed by ‘Data posted or faxed to incorrect recipient’ and ‘Loss/theft of paperwork or data left in insecure location’ (2,806 and 1,931 incidents).

With attackers getting more proficient and using better tactics, it’s never been so important to verify authentic emails, says Jake Moore, Global Cybersecurity Advisor at ESET. 

“Criminals continue to use emails as their number one attack vector of choice in the hope that they can install malware (opens in new tab) or take over email accounts, masquerading as someone known to the victim to siphon off sensitive information. 

Having safeguards in place, such as a firewall (opens in new tab), is a must, he continues.

"Organizations must ensure they are prepared for phishing emails by having robust controls in place such as spam filters and multi-factor authentication, however, user awareness and training remain the best defense against these increasing attacks.” 

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.