Proofpoint Targeted Attack Study: Spear Phishing Prevalent, Dangerous

More than Half of IT Professionals Surveyed Say their Organizations were Targeted in the Past Year

SUNNYVALE, Calif. – May 30, 2013–Proofpoint, Inc., (NASDAQ: PFPT), a leading security-as-a-service provider, today released the results of a survey conducted at two major IT security conferences this year that indicate spear phishing – the precise targeting of malicious, email-borne attacks at specific organizations – continues to be a serious threat.

Fifty-eight percent of those surveyed indicated that their organizations had been the target of email spear phishing attacks within the last year. Out of that same group, 56 percent believed their organization had also experienced some other form of targeted attack or advanced persistent threat (APT).

In many cases, the defenses in place against these and other types of attacks proved inadequate. Almost one in five (19 percent) of the respondents reported an actual data breach within the year.

The survey was conducted onsite at the 2013 RSA Conference in San Francisco and the 2013 Infosecurity Europe conference in London. In total, 620 professionals with C-level, IT, security and risk/compliance titles participated.

"These figures underline the fact that data theft continues to be a huge problem, and that the organizations that perpetrate crimes involving data are becoming more and more sophisticated," said Gary Steele, CEO, Proofpoint. "The corollary is that more sophisticated defenses are needed."

There were significant variations among subgroups within the survey. Organizations with more than 1,000 email users were more likely to experience a spear phishing attack (65 percent) than those with fewer users (48 percent). There were also variations among attendees at the RSA conference, where 62 percent of respondents believed they had been spear phishing targets within the last year, versus 42 percent for Infosecurity Europe. It's unclear whether these figures reflect a real geographical difference in the prevalence of spear phishing or a difference in the level of awareness and concern regarding targeted attacks.

To download a detailed summary (PDF format) of Proofpoint's 2013 RSA and Infosecurity Europe conference survey findings, please visit:

Proofpoint is uniquely positioned to help companies defend themselves in the new and hostile security environment that now prevails. Proofpoint's Targeted Attack Protection™ solution is a cloud-based service designed to identify, respond to and neutralize targeted attacks. Proofpoint’s solution deploys an array of advanced technologies including big data analysis, URL interception, and malware sandboxing to provide protection that follows messages and users wherever they go – whether they're behind the corporate firewall or off the corporate network on mobile devices or public terminals.

About Proofpoint, Inc.
Proofpoint Inc. (NASDAQ:PFPT) is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance and secure communications. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information. More information is available at


Proofpoint and Targeted Attack Protection are trademarks of Proofpoint, Inc. in the U.S. and other countries. All other trademarks contained herein are the property of their respective owners.