Furthermore, 36 percent of those surveyed have been affected as many as three times a year, with substantially negative impacts on productivity, as well as creating significant expense for the business if PCs and servers need to be disinfected or reinstalled to recover from malware-based spam being opened and executed by a user. Fifteen percent of respondents also admitted their business experienced major spam-related IT failures more than 10 times in the last year.
The blind, independent study was conducted for GFI Software by Opinion Matters, surveying 200 US IT decision makers from organizations with between five and 1,000 employees.
Key findings from the survey include:
- Phishing is the most common type of spam companies combat, with 49 percent of respondents citing it as the most prevalent type of spam their organization receives.
- Banking spam, from real, but unsolicited companies, was the second biggest problem, named by 44 percent of respondents.
- Dating site spam was the third most common type, with 34 percent of respondents reporting it as their main concern.
- 56 percent of those surveyed detected an increase in spam levels over the past year, while only 13 percent saw their levels of incoming spam decrease.
- 77.5 percent of companies rely on end-users to exercise their best judgment in dealing with any spam not caught by a server-side or client-side filter.
Spam’s share of overall email
Despite the perceived growth in the volume of spam that organizations must manage, spam’s overall share of email traffic remains relatively low. Thanks in part to the growing reliance on email for everyday business communication and increased volume – both internally and externally – 40 percent of those surveyed reported that spam accounts for no more than 15 percent of their overall email traffic, indicating that spam-related damage is a bigger challenge than volume. However, one-third of respondents also admitted that spam accounts for up to one-quarter of their overall email traffic, and a further 13 percent said spam accounts for as much as one-half of overall traffic. These heightened rates of incidence significantly increase the chance of malicious spam getting past filters and fooling unsuspecting users.55% of people believe 10% of stored email is spam
The numbers are similar when looking at spam’s impact on email storage. Effective filtering, paired with good policies and training, should ensure that most spam gets trapped at the server, and anything that leaks through is either dealt with by client-side spam measures and user best practice. While 45 percent of those surveyed said that spam accounts for up to 15 percent of overall stored and archived email, one-fifth put the figure at no more than 10 percent of total storage. The remaining 36 percent are dealing with a major storage overhead, with up to half of their mail storage consumed by spam, costing the company money and delivering no value.
Networks face the most likely disruption
The most common form of spam-related disruption is network disruption, according to 27 percent of those surveyed, while 22 percent have been hit by malware as a result of a user responding to a spam email. When organizations have been disrupted by a spam-related disturbance – for example, a user clicking on a malware-infected attachment or link to a malware-filled website – the disruption to the business is substantial. The survey revealed that 48 percent lost up to three hours of productivity as a result of a spam incident. More than one-third (34 percent) have lost up to five hours per incident, while nine percent have lost up to nine hours – more than a full work day in most organizations.
The role of spam filtering and policy
Despite some uncertainty over who is responsible for spam, there is some clear policy guidance on what to do with it, with 69 percent of respondents advising users to simply delete anything that appears to be spam from their inboxes. Only 3 percent do not have a policy.
Unfortunately, in their effort to cope with the ever-increasing complexity and sophistication of spam – particularly phishing mail – some legitimate mail can generate false positives and be blocked, more so if spam filters are not configured correctly. Almost two-thirds (65 percent) of respondents have experienced this in the past year, with almost half (46 percent) only experiencing up to three false positives a year.
A copy of the full survey results can be found at: http://www.gfi.com/documents/GFI-Spam-survey-2014.zip