A shocking 97% of FTSE 250 companies are not adequately protecting their customers against phishing attacks, according to a new industry report from Cyber Security Partners (CSP).
The findings reveal that only 17 companies in the FTSE 250 are using the DMARC standard to prevent email scams which enable theft of customer passwords, bank accounts, credit cards and other sensitive information.
DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication protocol that enables senders to monitor and protect a domain from fraudulent email.
Furthermore, of the 17 companies in the FTSE 250 using DMARC, it appears only six are using this security standard as a means to quarantine or reject malicious email, leaving the customers of 97% of FTSE 250 companies dangerously exposed to phishing attacks.
The Cyber Security Partners investigation also found that of the UK’s top 500 companies based on internet site ranking, only 28% currently possess a valid DMARC entry. Of the 139 companies using the DMARC standard, only 59 are operating a reject or quarantine response, leaving customers of 88% of companies without any protection against phishing attacks.
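The distinction the report draws, between a domain that merely publishes a valid DMARC entry and one whose policy tells receivers to quarantine or reject failing mail, can be checked from the TXT record published at `_dmarc.<domain>`. The sketch below is an added example, not code from the CSP report: the domains and records are constructed samples, the category labels are this example's own, and it goes slightly beyond the article by also flagging records whose `pct` tag limits enforcement to a fraction of mail.

```python
from collections import Counter

POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Return the tags of a DMARC TXT record, or None if it is not a valid record.
    Simplification: RFC 7489 lets a receiver fall back to p=none when only rua
    is usable; here a missing or unknown p tag counts as invalid."""
    tags = {}
    parts = [p.strip() for p in txt.strip().strip('"').split(";") if p.strip()]
    for i, part in enumerate(parts):
        name, sep, value = part.partition("=")
        if not sep:
            return None
        name, value = name.strip().lower(), value.strip()
        if i == 0 and (name, value) != ("v", "DMARC1"):
            return None  # the version tag must come first and is case-sensitive
        tags.setdefault(name, value)
    tags["p"] = tags.get("p", "").lower()
    return tags if tags["p"] in POLICIES else None

def classify(txt):
    """Map a TXT value (or None when no record exists) to an enforcement level."""
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return "no valid record"
    if tags["p"] == "none":
        return "monitoring only"  # reports are collected, spoofed mail is still delivered
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdecimal() else 100  # pct defaults to 100
    return "enforcing" if pct >= 100 else "partially enforcing"

def tally(records):
    """Count domains per enforcement level."""
    return Counter(classify(txt) for txt in records.values())

# Constructed sample data: hypothetical domains, not taken from the report.
SAMPLE = {
    "shop.example": "v=DMARC1; p=reject; rua=mailto:dmarc@shop.example",
    "bank.example": "v=DMARC1; p=none; rua=mailto:dmarc@bank.example",
    "news.example": "v=DMARC1; p=quarantine; pct=25",
    "mail.example": "v=spf1 -all",  # an SPF record is not a DMARC record
    "old.example": None,            # nothing published at _dmarc.old.example
}

if __name__ == "__main__":
    for level, count in tally(SAMPLE).items():
        print(f"{level}: {count}")
```

Only domains in the "enforcing" group give receiving mail servers an instruction to quarantine or reject messages that fail authentication.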
Stuart Robb, CEO and founder of Cyber Security Partners, comments: “Up until now, far too much emphasis has been placed on individuals to safeguard themselves online. All the while businesses have been getting away with providing an appalling level of protection for their customers. Giving advice is an easy option but it’s as a result of this lax approach that millions of UK consumers are being put at unnecessary risk of cyber attacks. We strongly believe that if businesses wish to use email as a channel for communication with consumers, it is their inherent duty to protect customers against the increasing threat of phishing.
“It’s no wonder that there are an estimated 156 million phishing emails sent every day, if this is the state of the defences of some of the UK’s biggest businesses. Successful attacks have severe consequences, not only for the consumer, but also for the businesses that so freely enable them. It is staggering that companies would put themselves at such serious financial and reputational risk at the hands of cyber criminals seeking to exploit consumer trust in their brand.
“Consumer education is just one component in the fight against cyber crime and with business solutions available to prevent malicious phishing attacks, companies must take the lion’s share of responsibility for ensuring customer safety online. We urgently call for businesses to review their cyber security policies and recognise their role in protecting UK consumers against cybercrime.”