--- description: Is anti-phishing software enough to protect businesses from phishing attacks? Read this report to know what measures Canadian respondents take. image: https://gdm-localsites-assets-gfprod.imgix.net/images/getapp/og_logo-94fd2a03a6c7a0e54fc0c9e21a1c0ce9.png title: Can anti-phishing software protect businesses from phishing? --- # 54% of surveyed senior managers use anti-phishing software Canonical: https://www.getapp.ca/blog/4226/protect-business-from-phishing-attacks Published on 2023-09-29 | Written by Smriti Arya. ![54% of surveyed senior managers use anti-phishing software](https://images.ctfassets.net/63bmaubptoky/3NUsGHTkhbUuSQkGDBeyhs/f0d8be1c66596ee87915ee6fa0742b7e/Protecting-from-phishing-attacks-CA-GetApp-Header.jpg) > Hackers continuously design new ways to trick users into performing actions which may cause reputational or financial loss. However, deploying suitable measures and identifying phishing attacks may stop users from falling prey to such cybercrimes. GetApp surveyed 457 employees and managers who have faced phishing attacks at least once to understand what they are doing to protect their business from such scams. ----- ## Article Content Hackers continuously design new ways to trick users into performing actions which may cause reputational or financial loss. However, deploying suitable measures and identifying phishing attacks may stop users from falling prey to such cybercrimes. GetApp surveyed 457 employees and managers who have faced phishing attacks at least once to understand what they are doing to protect their business from such scams.What we will coverA combined total of 90% of senior manager respondents find phishing attacks a cause for concernMore than half of the surveyed senior managers say they have anti-phishing software in placeSenior managers use measures like updating cybersecurity software regularly and using antivirus toolsOrganizing trainings to prevent phishing attacks can be usefulThe increasing use of the internet and various online platforms may make it easier for hackers to target people using fake websites and messages. These are typically designed to trick recipients into downloading viruses or providing sensitive information. Despite the development of various security solutions, phishing attacks continue to rise and are becoming harder to detect, as discussed in part 1 of this two-part report. This could be because phishing attacks usually work on social engineering methods, which involve impersonating a trusted entity or creating a sense of false urgency. Due to such psychological manipulations, users may not be able to recognize phishing scams even if they are using security tools such as antivirus software. In this context, companies should ideally have specific strategies and take appropriate measures to create awareness about such attacks. We surveyed 457 employees and managers who use computers/laptops daily to understand what measures they have been taking to overcome such attacks. The full methodology can be found at the bottom of the article. A combined total of 90% of senior manager respondents find phishing attacks a cause for concernIn July 2023, it was reported that an unauthorized party gained access to the Petro-Points members’ basic information in a cybersecurity incident. The company responded by writing an email to its customers to look out for unusual emails or messages. This likely led to some mistrust among consumers and loss of reputation.Such incidents clearly indicate that organizations can fall prey to sophisticated phishing attacks. Our study also reveals that a combined total of 90% of respondents who identified themselves as senior management, executive management, and owners —whom we’ll refer to as senior managers— are concerned about phishing attacks at some level. It’s worth noting here that only 10% of surveyed senior managers believe that phishing attacks are not at all a cause for concern. We can safely infer from this that phishing scams are a significant cause of business concern for most senior manager respondents. So, companies should ideally prepare their employees to recognize and react appropriately when encountering such attacks.  In fact, Cat Coode, a data and privacy strategist from Binary Tattoo, a cybersecurity firm based in Waterloo, Ontario, says, 'It's not if you're going to be breached; it's when you'll be breached.' 8 in 10 senior managers feel that remote/hybrid companies are more prone to phishing attacksWith approximately 31% of Canadians working fully remotely who usually share, store, or access data online wherever they go, such enterprises could be more vulnerable to phishing attacks or breaches. Our study reveals that 80% of senior manager respondents believe that companies operating remotely/hybrid pose a severe threat to businesses. Here are some tips for organizations with remotely/hybrid employees to tackle phishing attacks:Set comprehensive remote work policies: establish clear guidelines for remote workers. Such policies may include the eligibility to work remotely, the work setup, and cybersecurity measures. The use of strong passwords, installation of SSL security, and virtual private networks can also be defined in the work policy.  Enable encryption for sensitive information: encrypting data is an ideal practice overall, but it can be even more important for employees working remotely or in a hybrid mode. Ensure that the data shared between company-owned servers and remote work locations is encrypted while it moves from one location to another over the network. Enable access control and multi-factor authentication: companies may do well to ensure strict access control. They can enable multi-factor authentication as an additional security layer requiring at least two authentication methods. In such cases, even if a password is stolen, hackers cannot access the data protected via such methods since they typically require multiple logins via different devices. More than half of the surveyed senior managers say they have anti-phishing software in placeAnti-phishing software could be one of the ways to prevent phishing attacks. These tools are designed to identify suspicious data or messages through emails, links, or pop-up windows. Such software usually comprise different computer programs such as firewalls, anti-virus programs, and email security software programs. Of the surveyed senior managers, 55% reported that their company has anti-phishing software in place, whereas 36% don’t, while 9% are unsure about it. Of those respondents who admitted to having anti-phishing software in their organizations, a significant proportion believe that it can help them defend against phishing attacks.  According to 63% of those respondents whose companies use it, the software regularly prevents phishing attacks, while 33% say it only prevents attacks from time to time. Looking at the stats, organizations should not just rely on such software to stay protected from attacks, but should also have other measures in place to double down on security. We will discuss how much companies are expecting to spend on anti-phishing software and other security measures in the next section. Spending on anti-phishing software is expected to increase to some extentThe global anti-spam software market size is expected to reach US$20.33 billion by 2030, which was earlier valued at US$4.61 billion in 2022. Growing at a compound annual growth rate (CAGR) of 21.6% from 2023 to 2030, the high prevalence of phishing attacks or cybercrimes may have resulted in the market's growth. We also asked respondents who admitted to using anti-phishing software in their companies how they anticipate spending on such software will change in the next two years. A combined total of 52% of senior manager respondents say that their spending is expected to increase to some extent in the next two years, while only 18% of respondents indicate that the spending is anticipated to decrease. Considering this data, we can expect increased demand for anti-phishing software in the future.What to consider when investing in anti-phishing software?In case you don’t have software in place or you are planning to switch to another software, you may consider the following factors to select the right anti-phishing software for your business:Anti-phishing tool for email security:We discovered in part 1 of our survey report that emails are the most common source for phishing attacks. If your organization also receives such attacks through emails, you should look for anti-phishing solutions designed to strengthen email security. The software should include features like the ability to evaluate suspicious attachments, artificial intelligence (AI)-based identification of business email compromised (BEC) attacks, and analysis of potential phishing links. Anti-phishing software for mobile devices:Companies working remotely/hybrid should have anti-phishing solutions to protect the company’s information and employees’ sensitive data, which may be usually exchanged through mobile apps. Anti-phishing solutions for productivity apps:Hackers may also target productivity apps. Since such apps allow employees to share links, attackers can potentially hack them and share malicious links with users. Therefore, organizations may also need anti-phishing software that offers security at the application level as well. Businesses can select the ideal software for your business based on their specific needs. Senior managers use measures like updating cybersecurity software regularly and using antivirus toolsBusiness operations usually involve the exchange of customer data. Therefore, ensuring the security of such data may help organizations build trust with clients. To protect sensitive information from getting breached, companies should implement appropriate measures. When we asked senior manager respondents about the actions they take in their company to ensure data security, this is what they had to say:73% of the surveyed group say that they update cybersecurity software on a regular basis72% of the senior manager respondents use antivirus tools and encryption to secure data 61% report that they follow all the email security guidelines to protect data57% of senior managers say they update company software regularly to ensure data securityAnother 52% of the same subset of respondents state that they adhere to the password policy for data protectionWe further asked the same subset of respondents what steps they have been following to ensure a secure work environment. Since only 2% of respondents reported that their company doesn’t follow any steps to ensure a safe environment, it implies that there is a stringent need to implement particular security measures to secure data. Some such measures can be keeping software up-to-date, using VPN to protect data, enabling multi-factor authentication, and providing security awareness trainings, to name a few.How often do respondents change their work-related passwords?Creating a strong password that includes a combination of uppercase letters, numbers, lowercase letters, and special characters is cited as an ideal practice by the Government of Canada. Digging down into the issue, we also asked all our respondents —both employees and senior management— how often they change their work-related passwords. Because only around 6% of the respondents across all groups change their passwords less than once a year, it can be assumed that the survey takers understand the need to change passwords more often to defend against cybercrimes. Delving deeper into why respondents change work-related passwords, nearly half of the participants (52%) who reported changing their passwords said that their company policy states the need to do so.Here are some best practices for businesses to implement a robust password policy:Make sure employees use a unique password for every work account they create. Keeping the same password for all accounts can put users at risk of being breached on all accounts. Encourage employees to change passwords after a certain time period. For example, the Canadian government also recommends that employees should change their passwords every 3 months.  Make use of password management tools that enable employees to store all their passwords and generate strong random passwords to keep data secure.Organizing trainings to prevent phishing attacks can be usefulAlthough it may not be possible to completely avoid phishing attacks, implementing some best practices can potentially help companies minimize its impact. However, in order to enforce all the required security measures in the workplace, it may be necessary for organizations to provide their workers with awareness training programs so they know how to take certain actions to ensure data security. In this context, we asked those respondents who belong to senior management/leadership and who admitted to implementing phishing awareness training programs in their company, if they find such training useful. 88% of those surveyed said that the training helped them notice a decline in successful phishing attacks, while only 9% reported no decline in attacks since implementing training. This statistic shows that phishing awareness training programs are useful for organizations if they implement them appropriately. Overall, it's important to enforce a robust set of policies and procedures for companies to protect themselves against the growing menace of phishing attacks.Looking for cybersecurity software? Check out our catalogue\! ## Disclaimer > MethodologyTo collect this data, Capterra interviewed 457 employees at companies in Canada in August 2023. Of these, 347 were employees and 110 held senior or executive management positions or were owners.The candidates had to meet the following criteria:Canadian resident Between 18 and 65 years of ageEither full-time or part-time employed in a company and use laptops/computers to perform daily tasks at work either always or sometimes. Had to be able to identify the correct definition of a phishing attack after being shown a definition: “Phishing is a common type of cyber attack that targets individuals through email, text messages, phone calls, and other forms of communication usually by impersonating senders known to the recipient (e.g., package delivery, prizes, public entities, etc.). A phishing attack aims to trick the recipient into falling for the attacker’s desired action, such as revealing financial information, system login credentials, or other sensitive information. Phishing attacks are very often perpetrated against companies through their employees”Was aware of the existence of phishing attacks before reading the above-mentioned definition  Has received one or more phishing attacks at work ## About the author ### Smriti Arya Smriti is a Content Analyst for GetApp, helping SMBs deliver key insights into software, business and tech trends. ## Related Categories - [Accounting Software](https://www.getapp.ca/directory/236/accounting/software) - [CRM Software](https://www.getapp.ca/directory/230/crm/software) - [Cybersecurity Software](https://www.getapp.ca/directory/1035/cybersecurity/software) - [IT Service Software](https://www.getapp.ca/directory/1049/it-service/software) - [Network Security Software](https://www.getapp.ca/directory/1443/network-security/software) ## Related Articles - [AI-enhanced malware and phishing worry Canadian IT pros most for 2025, learn four ways to get secure](https://www.getapp.ca/blog/7229/canada-data-security-worries-it-professionals) - [How coworking management software can benefit SMEs](https://www.getapp.ca/blog/2544/how-coworking-management-software-can-benefit-smes) - [Top 6 software companies in Canada as reviewed by Canadians](https://www.getapp.ca/blog/3560/top-canadian-software-companies) - [Grocery checkout trends: 79% show interest in checkout-less shopping](https://www.getapp.ca/blog/2554/grocery-checkout-checkoutless-survey) - [5 Best customer loyalty program software in Canada](https://www.getapp.ca/blog/3302/best-customer-loyalty-program-software) ## Links - [View on GetApp](https://www.getapp.ca/blog/4226/protect-business-from-phishing-attacks) - [Blog](https://www.getapp.ca/blog) - [Home](https://www.getapp.ca/) ----- ## Structured Data