68% of organizations have seen their day-to-day business operations severely disrupted or completely stopped as a result of at least one spam-related incident in the last year alone, according to GFI Software.
45% of those surveyed have been affected as many as three times a year, substantially impacting productivity, as well as creating significant cost for the business if PCs and servers need to be disinfected or reinstalled to recover from malware-based spam being opened and executed by a user. Some 7% of respondents also admitted to their businesses falling foul of major spam-related IT failures more than 10 times a year.
Key findings include:
- Phishing is the most common type of spam that organizations combat, with 46.5% of respondents citing it as the most prevalent type of spam their organization receives.
- Gambling spam was the second most common spam type, with 39% of respondents naming it as their main concern.
- Banking spam from real but unsolicited companies was the third biggest problem, reported by 35% of respondents.
- 54% of those surveyed detected a rise in spam levels over last year, while only 15% saw their levels of incoming spam drop.
- 79% of companies rely on end users to exercise their best judgement to deal with any spam not caught by a server-side or client-side spam filter.
Despite the perceived growth in the volume of spam organizations must manage, spam’s overall share of email traffic remains relatively low. Thanks in part to the growing reliance on email for everyday business communication and increased volume – both internally and externally – 50% of our survey respondents reported that spam accounts for no more than 15% of overall email traffic, making volume less of an issue and the destructive nature of some spam types the bigger challenge. However, a quarter of our survey respondents also admitted that spam accounts for up to a quarter of their overall email traffic, and a further 8% said spam accounts for up to half of overall traffic. These heightened rates of incidence significantly increase the chance of malicious spam getting past filters and fooling unsuspecting users.
The numbers are similar when looking at the impact on email storage. Effective filtering paired with good policies and training should ensure that most spam is trapped at the server, and anything that leaks through is dealt with by client-side spam measures and user best practice.
While 56% of those surveyed said that spam accounts for up to 15% of overall stored and archived email, and a quarter (24%) put the figure at no more than 10% of total storage, the remaining 21% are dealing with a major storage overhead, with up to half their mail storage consumed by spam, costing the company money and delivering no value.
Sergio Galindo, general manager of GFI Software, said: “Criminals are increasingly using spam to deliver malware payloads into the workplace with a view to either causing disruption, holding PCs and servers to ransom or even stealing valuable information that can be sold or used for fraud. Infected machines mean unproductive computers and users, limiting business activities and losing money. Stolen data can result in everything from fines to lost customer confidence, while even non-malware spam creates disruption by clogging mailboxes, filling up storage and consuming IT admin time that could be put to work on more valuable tasks.”
The research revealed that one in five end users in the organizations surveyed are required to actively deal with spam that is not trapped by spam filters. While 44% said their organization’s employees ignore spam – not ideal, but ignored spam is at least inert spam – a third (33%) admitted to a lack of guidance on who was responsible for dealing with spam that makes it to the end user.
The most common form of spam-related disruption is malware infection, according to a quarter (24%) of those surveyed. When organizations have been disrupted by a spam-related disturbance – for example a user clicking on a malware-infected attachment or link to a malware-filled website – the disruption to the business is substantial. The survey revealed that 58% of those surveyed lost up to three hours of productivity as a result of a spam incident. Almost a third (31%) have lost up to five hours per incident, while 9% have lost up to nine hours – more than one working day in most office-based organizations.
“The impact of a spam incident on a business should not be underestimated. Lost productivity not only has a cascade effect across the business, it directly hits a company’s bottom line. If you are lucky, the time spent by IT recovering a PC or server will be quick, but if machines and data are stolen or locked up in a ransomware malware scam, the time and cost to the organization can quickly spiral,” added Galindo.
The blind, independent study was conducted for GFI Software by Opinion Matters, surveying 200 UK IT decision makers from organizations with between five and 1,000 employees.