top of page

Phishing attacks dominated threat landscape in 2021

As outlined in the latest Weekly Threat Report from the NCSC, Cyber security company Proofpoint have released their annual “State of the Phish” report, revealing the impact of phishing attacks in 2021. And it does not make for good reading.

According to the report’s findings, 91% of UK companies surveyed experienced at least one successful email-based phishing attack last year - with 84% reporting email-based ransomware attacks. Almost 60% of those infected with ransomware paid a ransom.

Those figures are staggering, and pinpoint exactly why we continuously push out the message that phishing can be so damaging to businesses.

The report also finds that a shift to remote or hybrid working has had an impact. However, only 37% of the businesses surveyed said that they educate their workers about best practices for remote working, illustrating a worrying gap in security best practice knowledge for the “new normal” of working. For example, 97% of workers said they have a home Wi-Fi network, but only 60% said their network is password-protected, a major lapse in basic security hygiene.

This is why we maintain our stance that a business’s employees can be the barrier against such attacks, or the first line of defence. And that’s why we’re so keen to promote our Security Awareness Training which is aimed at educating employees - regardless of existing knowledge base - to spot the signs of a phishing emails or text before it’s too late.

The report continues to warn that ransomware is still the biggest cyber threat facing UK organisations, both large and small, and phishing is a common vector for cyber criminals to infect networks.

Phishing emails are getting harder to spot, we know this, and we are constantly updating our guidance and training materials to keep up to speed with their evolution. And whilst we have training available, there is also guidance out there on what to look out for, and how to improve your organisation’s resilience. Raising staff awareness of this threat is vital.

We’d also encourage all organisations to familiarise themselves with the NCSC’s advice on mitigating malware and ransomware attacks.

Details of our Security Awareness Training are on our website, or you can reach us via the Contact form if you have any questions.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page