PAV study highlights phishing threat to SMEs

A recent study carried out by PAV i.t. Services in conjunction with one of the UK's leading insurers highlighted the vulnerability of staff working at Small and Medium Sized Businesses (SMBs) when faced with phishing emails. This is despite cyber attacks having a higher public profile since the WannaCry ransomware attack that crippled the NHS and many other organisations in May.

Sussex-based PAV, which was recently selected as a founding technology partner of the government-backed London Digital Security Centre, tested over 350 executives and employees at 11 businesses based in London and the South East. PAV sent them a number of phishing emails, often based on their office location or business area, in order to understand how staff would react if a malicious email slipped through their IT defences. The findings highlight the need for company owners to take rapid action to improve their cyber security.

Key findings:

· Although only 42% of staff opened the emails, the majority of them (71%) were then deceived into clicking on links that took them to an external website, which could lead to a potential security breach. They were then asked to download a file or enter login details, and these actions were carried out by 21% of people taking part in the tests. This is a more serious failure as it would most likely lead to a major security incident.

· An email spoofing (impersonating) a company executive, asking staff to enter login details in order to check password complexity, resulted in 14.5% of recipients divulging this information.

· The email that received the highest failure rate was a fake Dropbox link, which varied according to the business activity of each company, and often referred to a fictitious sales quote. This email generated a 38% failure rate with 27% of employees clicking on the download button.

· Only one of the eleven companies passed the test with no employees clicking on links.

· Seven out of the eleven companies tested had incorrectly configured 'anti-spoofing' settings.


Combined statistics for all emails sent


PAV Managing Director Jason Fry commented: "These simulations have highlighted that businesses are highly vulnerable to phishing attacks. Government research shows that just under half (46%) of all UK businesses identified at least one cyber security breach or attack in the last 12 months. As the majority of these attacks originate with a phishing email, this is obviously a huge problem area that needs to be addressed."

Jason strongly advises business managers to ascertain what level of risk is acceptable to them and to be proactive.

"Once companies realise and accept that they are exposed to cyber crime, there are several simple and relatively inexpensive steps that they can take to remove themselves from the category of low hanging fruit, offering easy pickings to cyber criminals," he explains. "We tell our clients that they need to view cyber security as a journey because it is unlikely that they can achieve all their goals straight away."

Some simple steps to become more resilient

PAV recommends that SMEs take the following cost-effective measures to become more secure:

· Start with a cyber security audit to provide a roadmap of the appropriate policies and procedures that need to be put in place. This assessment helps companies avoid falling into the trap of buying expensive software that may not be the answer to their security needs. PAV recommends that a suitably security-skilled professional carry out this audit, which might mean looking to a third-party provider.

· Carry out awareness training on a continuous basis so that cyber security stays in the consciousness of all employees and creates a company culture based on alertness and vigilance towards potential threats. This is best run in tandem with regular phishing simulations.

Jason concludes: "The good news is that it is often not too difficult or expensive for companies to take the measures required to become significantly more secure. The challenge is making them aware of the problem before they become victims of cyber crime."  


