The most likely targets of social engineering attacks are newly appointed employees and contractors.
According to a survey by Check Point, 42 per cent of UK companies have suffered 25 or more social engineering attacks in the past two years, at an average cost of £15,000 per incident.
The survey of around 850 IT and security professionals in the US, Canada, UK, Germany, Australia and New Zealand found that new-starters (52 per cent) and contractors (44 per cent) were the most likely targets. It also found that 44 per cent of UK companies have no employee training or policies in place to guard against attacks.
However, 80 per cent of UK IT and security professionals were either "aware" or "highly aware" of the risks associated with social engineering.
Terry Greer-King, UK managing director of Check Point, said: “Although the survey shows that nearly half of enterprises know they have experienced social engineering attacks, 41 per cent said they were unsure whether or not they had been targeted.
“Because these types of attacks are intended to stay below an organisation's security radar, the actual number of organisations that have been attacked could be much higher. Yet 44 per cent of UK companies surveyed are not currently doing anything to educate their employees about the risks, which is higher than the global average.
“An organisation's employees are a critical part of the security process as they can be misled by criminals, or make errors that lead to malware infections or unintentional data loss. Many organisations do not pay enough attention to the involvement of users, when in fact employees should be the first line of defence.”