A global survey of security and IT professionals examined the threats their organizations encountered in 2016. The findings highlighted that cybercriminals frequently targeted individual employees to access sensitive information within businesses.

According to the survey, phishing attacks proved to be the most damaging, with 40% of respondents reporting such incidents, including spearphishing and whaling attempts.

About one-third of the participants experienced malware-free threats that impacted IT systems and increased the workload on IT staff. Among these, scripting attacks were the most frequent, while credential compromise or privilege escalation had the greatest impact.

Interestingly, only a small percentage of significant threats were zero-day attacks, with 76% of security professionals noting that less than 10% of their major threats were zero-days.

User education played a critical role as users both faced these attacks and could contribute to mitigating them. The survey revealed that 37% of respondents found the most impactful threats through help desk calls.