Tag Archives: Egress

Technology

New report reveals that 94% of global organizations have experienced email security incidents last year

  • Email security risks remain high with 94% of organizations experiencing incidents in the past 12 months.
  • 96% of organizations that experienced phishing attacks were negatively impacted, up from 86% last year.
  • Most cybersecurity leaders are stressed about email security, and 61% are kept awake at night by the use of AI in phishing.
  • Alarmingly, data loss and exfiltration incidents were experienced by 91% of respondents.

Leading cybersecurity company Egress today releases its second Email Security Risk Report. The report lays bare the attitudes and approaches to email security, the evolution of risks, and the impact of incidents. In the 2024 Email Security Risk Report, alongside expert commentary, a comparison of 2023’s results offers insight into how 500 Cybersecurity leaders view the threat landscape, including how they remain vulnerable to both inbound phishing attacks and outbound data loss and exfiltration, and how they continue to question the effectiveness of traditional approaches to email security.

The report contains new data on phishing attacks, data loss prevention, and concerns about technical defenses’ ability to detect and prevent advanced threats within Microsoft 365 environments.

Jack Chapman, VP of Threat Intelligence at Egress, comments:

“The 2024 Email Security Risk Report is an essential read for all cybersecurity professionals and ultimately a tool to help teams assess their inbound and outbound defenses.

“What has been staggering is the emergence of trends alongside the 2023 edition of the Email Security Risk Report; for example, 94% of respondents fell victim to phishing attacks, up 2% from the previous year. Organizations continue to face vulnerabilities when it comes to advanced phishing attacks, human error, and data exfiltration, and analyzing emerging trends will be key to bolstering defenses.

“The report also highlights how Cybersecurity leaders know that they’re vulnerable when it comes to phishing attacks. 58% of organizations have experienced account takeover incidents in the last 12 months, and 79% of these started with a phishing email that harvested an employee’s credentials, so it’s no wonder that phishing attacks and compromised accounts are causing concern for our Cybersecurity leaders.

“The use of AI by cybercriminals is also at the front of our leaders’ minds, and rightly so. While it’s currently impossible to actually prove chatbots are being used to create phishing attacks, cybercriminals generally take every advantage they can get. Organizations can’t afford to be left behind but must ensure their defenses keep pace with cybercriminals’ methodology and the resulting attacks.

“The stats in this latest report are truly staggering; 94% of companies have experienced security incidents in the last 12 months, and 95% of cybersecurity leaders are stressed about email security. Organizations urgently need to adapt their approach, or risk finding themselves in the same position next year.”

Email Security Risk Remains High

The Egress Email Security Risk Report 2024 has revealed that 94% of respondents fell victim to phishing attacks, up 2% from the previous year. Inbound email incidents primarily took the form of malicious URLs, attacks sent from a compromised account, and malware or ransomware attachments.

Looking towards outbound email incidents, 91% of organizations experienced data loss and exfiltration due to reckless behavior to ‘get the job done’, human error or malicious exfiltration amongst other contributing factors.

  • 94% of organizations were victims of phishing attacks
  • 96% of organizations were negatively impacted by phishing attacks
  • 94% of organizations were negatively impacted by outbound email security incidents
  • 79% of organizations were victims of account takeover attacks which started with a phishing email
  • 61% of cybersecurity leaders say the use of chatbots in phishing keeps them awake at night

Employees face the consequences for email security incidents

The impact of an email security incident can be severe for employees and their organizations. 96% of surveyed organizations experienced negative impacts from phishing attacks, which is a jump of 10% versus last year’s report (when the number sat at 86%). Findings from the Email Security Risk Report show that leaders are taking a tough stance with employees caught by phishing attacks with negative outcomes for the people involved happening in 74% of companies. In particular, the report revealed the way organizations responded, with:

  • 51% of employees caught in phishing attacks disciplined
  • 39% of employees caught in phishing attacks fired
  • 27% of employees caught in phishing attacks voluntarily leaving their roles

Looking at outbound threats, a similar picture is seen with 94% of the surveyed organizations reported being adversely affected, which is an increase of 8% from last year’s report. In outbound email incidents, 67% of people were disciplined, let go, or chose to leave the organization. Employees being disciplined was the most common outcome, seen in 51% of organizations.

It is evident from the report’s data that email security incidents continue to have far-reaching impacts for organizations, with financial loss from customer churn and reputational damage topping the organizational costs in both inbound and outbound incidents. Organizations should provide the right technology to their teams to detect advanced threats and SAT programs that genuinely increases their understanding of real threats going forwards.

AI is a growing concern for cyber risk

AI continues to be one of the industry’s biggest talking points, and our Cybersecurity leaders are savvy to the effect new tools, large language models, and generative AI could have on phishing attacks. 63% are being kept awake at night by deepfakes, and 61% by AI chatbots being utilized to create efficient phishing campaigns. This trend is expected to continue into 2024 and beyond, with organizations being encouraged to continuously review their defences.

Through stolen Microsoft credentials threat actors can gain access to the kingdom

Microsoft credentials are synonymous with being ‘the keys to the kingdom’, giving cybercriminals the power to move laterally across systems and networks to exfiltrate data and access email accounts to target customers and suppliers with further attacks.

Findings from the report show that account takeover attacks (ATOs) are a significant concern for Cybersecurity leaders as 58% of organizations experienced account takeover incidents. Of these:

  • 79% began with a phishing email harvesting an employee’s credentials
  • 83% saw multi-factor authentication bypassed before proceeding with the account takeover

Additionally, over half (51%) of organizations fell victim to phishing attacks sent from compromised accounts within their supply chain in the last 12 months. Utilizing a trusted domain helps enable attacks to get through traditional perimeter defenses and people are less suspicious of emails sent from addresses they recognize. Cybersecurity leaders are well-aware of their vulnerability, with supply chain compromise and ATO their top sources of stress.

Cybersecurity leaders question the value of their SEGs

Many of the email security features Microsoft 365 offers overlap with the functionality available in SEGs, leaving organization to question their tech stack. Of those who use a SEG, 91% expressed frustration with it, and 87% are considering replacing their SEG or have already done so. As organizations adopt native controls in favor of SEGs, they are still left vulnerable to the advanced phishing attacks that can bypass signature-based and reputation-based detection, as well as employees’ behaviors that lead to outbound incidents, such as human error.

Combining Microsoft’s controls and integrated cloud email security (ICES) solutions covers the full spectrum of inbound and outbound email security incidents, so it’s little surprise that a large portion of organizations are weighing up their options.

Training is considered a checkbox requirement

According to the findings from the report, email security risks remain a top concern for organizations with 94% having experienced security incidents over the past year. Despite this, according to the majority of respondents, training is provided only to meet compliance requirements with 88% acknowledging that they are doing SAT for compliance purposes.

If training is engaging, in bite-size modules and relevant to the employee’s tasks, it should be an enriching activity with real-time teachable moments throughout their workday, but Cybersecurity leaders are currently worried that employees skip through training as quickly as possible and that they find training annoying.

With this in mind, it is no wonder that 91% of Cybersecurity leaders have doubts about the effectiveness of traditional training, and making the training tailored to teams or individuals isn’t being offered commonly:

  • Only 19% of organizations deliver SAT that reflects on the department or team that employees work in
  • Just 9% of organizations tailor training to the individual employee.

The ramifications of this are significant for both employees and their organizations as quality learning can turn a company’s biggest risk into one of their strongest defences – their people.

For more information or to access the full report, please visit https://pages.egress.com/whitepaper-email-risk-report-01-24.html and https://www.egress.com/blog/company-news/stats-from-the-email-security-risk-report

Cybersecurity, News

Threats Exploiting Employees a Concern For Microsoft 365 Users

Egress Report Cites Cyber Security Experts, Offers Recommendations to CISOs Representing the 1 Million Companies Deploying Microsoft 365

LONDON, UK – 21st June 2022 – Egress, the leading provider of intelligent email security, has today issued a report identifying a number of security risks facing users of Microsoft 365, which along with its suite of tools, is expected to be relied upon by more than one million companies and over 250 million users[1].

Click here to read the full report: https://pages.egress.com/Whitepaper-EmailRisksInMS365-06-22_2021-Landing-PAGE-eBook.html

The threat analysis has been compiled by leading experts in cyber security. Lisa Forte is the co-founder of Red Goat Cyber Security LLP, Robin Bell is the Chief Information Security Officer, (CISO) at Egress, and Jack Chapman is the VP of Threat Intelligence at Egress. Their collective insights provide both the context associated with perceived risks as well as recommendations for CISOs to reduce both inbound and outbound risk, protecting their people, organization and customers.

Overall, the expert panel felt Microsoft 365’s native security capabilities offered good, basic email protection from phishing, and data loss prevention (DLP) tools for dealing with outbound data loss. However, the group also believes that there remain issues requiring enhanced protection from highly advanced inbound phishing threats, outbound data loss, and exfiltration events that cannot be reduced by static DLP.

“Microsoft’s protection now rivals Secure Email Gateways (SEGs), but there remain substantial gaps in its email security. Both Microsoft and SEGs struggle to detect the most sophisticated social engineering attacks,” said Jack Chapman, Egress VP of Threat Intelligence. “Topping the list are threats that target and exploit individuals such as phishing attacks, and outbound risks such as data loss caused by human error or intentional exfiltration. CISOs must evaluate their level of protection and augment their existing email security with additional layers of technology where required, to protect their employees and their data.”

Snapshot of Email Risks in Microsoft 365

  • Phishing: credential theft, leakage of sensitive/regulated data, navigating users to malicious URLs, requesting multi-factor authentication (MFA) codes, and ransomware.
  • Human Error: autocomplete of the incorrect email recipient, complex, manual management of customizations and settings.
  • Deliberate acts of data exfiltration for as yet unknown use cases that are not covered by policies.
  • Reporting is limited when seeking to understand the level of risk from phishing emails.

Microsoft 365 – CISO Security Recommendations

To CISO’s responsible for the safe deployment and use of Microsoft 365, the Egress report offers a number of key recommendations, beginning with a question – how much do I understand? Framing this guidance is that any tool or service is more easily deployed when it is user-friendly and frictionless.

Understanding begins with CISO’s who must analyze the risks their organization faces in order to prioritize the right layers of security across people, technology, and processes. Further, they must understand the limits of Microsoft 365 and seek to avoid a cookie-cutter cyber approach. A comprehensive, holistic view of the risk is invaluable to identify the products that will complement and seamlessly integrate into your business environment to manage and reduce risks.

This approach must also extend to employees. To reduce human-activated risk, businesses need to reinforce widespread staff training and back it up with intelligent email security tools to catch moments when employees are prone to making mistakes.

According to the 2022 Egress report, Fighting Phishing: The IT Leader’s View, over the past 12 months, 85% of organizations were victims of phishing, 60% of organizations were hit by ransomware, and 40% of organizations had credentials stolen.

[1] Statista: Number of Office 365 company users worldwide as of June 2022, by leading country

For more information and interview requests, contact Jordan Brackenbury at PR@Egress.com

Cybersecurity, News

Egress Named One of the 100 Most Innovative Cybersecurity Companies of 2022

LONDON, UK – 8th June 2022 – Egress, the leading provider of intelligent email security, today announced that Expert Insights, a leading resource for organisations around the world to research and compare cybersecurity solutions, has named it one of the 100 most innovative cybersecurity companies of 2022.

Expert Insights develops this list through a combination of research by its independent technical analysts and editorial team as well as customer feedback and industry recognition.

“All at Egress are proud to be recognised by Expert Insights as a leading innovator for cybersecurity,” said Tony Pepper, Egress CEO, and co-founder. “Over the past year, through a combination of acquisitions, partnerships, and new product development, Egress has worked hard to remain a trusted provider of security for our growing community of customers.”

In related news, Egress recently issued its mid-year 2022 threat report offering details about threats associated with crypto currency donations to war-torn Ukraine, email phishing attacks using LinkedIn to target jobseekers, a rise of sextortion phishing emails, and zero-day exploits, circulating on the dark web, targeting electronic voters as well as Facebook and Gmail users. You can learn more and read the full report via this link: https://egress.co/ueEzZ

 

News, Security

Egress Mid-Year Threat Report Details Scams Affecting Cryptocurrency-based Ukraine Donations, Job Seekers, Electronic Voters, and More

LONDON, UK – 18th May 2022 – Egress, the leading provider of intelligent email security, today issued its mid-year 2022 threat report offering details of emerging vulnerabilities along with insights, from the Egress threat intelligence team, about protecting employees, customers, and businesses from these specific cyberattacks.

The full report, available here: http://www.egress.com/resources/cybersecurity-information/threat-report-launch, provides comprehensive details about threats associated with scam cryptocurrency donations to war-torn Ukraine, email phishing attacks using LinkedIn to target jobseekers, a rise in sextortion phishing emails and zero-day exploits circulating on the dark web, targeting electronic voters as well as Facebook and Gmail users.

Scams Exploit Cryptocurrency-Based Ukraine Donations

Egress analysts have observed a surge in phishing attacks exploiting the war in Ukraine. Targeting individuals and organisations across the U.S. and the U.K., the emails impersonate display names and email addresses of well-known Ukrainian bodies. Examples include emails impersonating the Ukrainian Government asking for cryptocurrency donations to assist their war effort. Egress has located other emails impersonating the Ukrainian Ministry of Defence, the Aid for Ukraine charity, The United Nations, and Ukrainian President Volodymyr Zelenskyy.

“To succeed, these attacks must bypass email defences and get a person to act, which relies on engendering emotional reactions to the needs of refugees and children,” explained Jack Chapman, Vice President of Threat Intelligence at Egress. “If you choose to donate cryptocurrency to a cause, use a reputable source to verify its authenticity and only use publicly available cryptocurrency addresses.”

LinkedIn Impersonation Targets Jobseekers

This email attack targets individuals and organisations in the U.S. and the U.K. using spoofed LinkedIn branding. It encourages targets to click on phishing links and enter credentials onto fraudulent websites, which are scraped when the victim believes they are logging in. Once the scam is completed, the victim is redirected to the real LinkedIn site, so they have no idea their credentials have been stolen and do not take remedial action such as changing their password.

“Current employment trends such as The Great Resignation help to make this attack more convincing by flattering jobseekers into believing their profile is being viewed and expertise is needed,” said Chapman. “We advise organisations to examine their current anti-phishing security stack to ensure they have intelligent controls that engage and warn the user of the threat. Meanwhile, individuals should take extreme caution when reading notification emails that request them to click on a hyperlink, particularly on mobile devices.”

Sextortion Phishing on the Rise

Egress researchers observed a 334% increase in sextortion attacks since March 2022. In these cases, sextortion-oriented phishing emails are targeting individuals and organisations across the U.S. and the U.K. through a variety of subject lines coercing victims to panic and click through for more information. Emails use emotive, threatening language to socially engineer their victim to extort payment. For example, one email states “I don’t think this kind of content would be very good for your reputation”. The attacks follow a similar format by stating the problem, threat, ‘solution’, the deadline to comply, and futility of reporting the incident.

“Phishing attacks like these try to use our own psychology – especially shame, panic, and fear – against us,” explained Chapman. “By providing a specific deadline, cybercriminals apply pressure on victims to comply quickly. Related to these scams our advice is simple – don’t pay the ransom.”

New Threats Target Electronic Voters, Facebook, and Gmail Users

This threat is targeting electronic voters as well as Facebook and Gmail users through zero-day exploits posted to Empire Market, a DarkWeb marketplace where exploits, phishing tools, and templates are available to purchase. Egress analysts found an electronic voting exploit for sale, which allows malicious software to be loaded onto voting machines. Another offers a way to take over a Facebook account through a password reset vulnerability to harvest victim information and make further phishing attacks more believable. A third exploit targets Gmail accounts remotely via a code injection allowing attackers to access accounts, regardless of two-factor authentication.

“New zero-day exploits are being discovered all the time,” added Chapman. “Social media accounts contain a host of information about people, such as date of birth, geographic locations, mother’s surname, and more. Our advice is to stay on top of the latest threats by keeping up with advice from your threat intelligence network.”

Business News, News

Egress named one of the UK’s Best Workplaces™ by Great Place to Work®

Prestigious award underscores Egress’ status as a leading employer in the cybersecurity industry and adds to recent recognition as a Best Workplace in Tech, Best Workplace for Wellbeing and Best Workplace for Women

London, UK – 28th April 2022 – Egress, the leading provider of intelligent email security, today announced it has been named as one of the UK’s Best Workplaces™ by Great Place to Work© for 2022, celebrating the company’s commitment to investing in their employees and building a dynamic, unique company culture. In addition to its recent inclusion on the 2021 Best Workplaces in Tech, Best Workplaces for Tech and Best Workplaces for Women lists, this honour underlines Egress’ status as an employer of choice in the rapidly growing cybersecurity industry.

“At Egress we take our relationships with our people very seriously. We care deeply about their experience here. We are on a journey to building a world class culture built on the highest performance and morale.” explains Chief People Officer Laura Probert.

“We want Egress to be the best place our people have ever worked, and strive for our people to feel more valued and developed than at any time in their career. The results of our annual Great Place to Work participation highlights the impact of all the new people initiatives we have rolled out in the last year, and shows us how we can continuously improve.”

“Even in times of agonising uncertainty, at Best Workplaces™ the shared mantra of ‘purpose over profit’ has stood firm,” said Benedict Gautrey, Managing Director of Great Place to Work® UK. “We’re incredibly proud to recognise the 290 companies on our list for their outstanding workplace cultures, and unwavering commitment to supporting employees so they can deliver the best strategic solutions to ever-changing business opportunities and challenges.”

To determine the 2022 UK’s Best Workplaces™ list, Great Place to Work® performed rigorous evaluations of hundreds of employee survey responses alongside Culture Audit™ submissions from leaders at each company. They then used these data insights to benchmark the effectiveness of companies’ employee value propositions against the culture their employees actually experience.

Those businesses who achieve the highest scores after evaluation receive Best Workplaces™ status.

Appointments, News

Egress names Robin Bell as CISO to amplify security-first culture

Email security leader appoints CISO to partner with customers and advance security strategy.

London, UK – 13th April 2022 – Egress, the leading provider of intelligent email security, has announced the appointment of Robin Bell as its Chief Information Security Officer (CISO). This strategic internal move will see Bell transition from the role of Chief Information Officer (CIO) to expand the company’s security operations at pace with its rapid growth, at a time of heightened global cybersecurity risk.

In his new role as CISO, Bell will focus entirely on promoting information security. Partnering with customers across highly regulated industries and critical infrastructure, Bell will focus on building a culture of cyber resilience during this period of heightened risk.

“By appointing Robin as our CISO, we’re reaffirming our commitment to maintaining the highest level of cybersecurity across our business and for our customers,” Egress CEO Tony Pepper explains. “We want to ensure that security is ingrained in every aspect of our strategy as we continue to grow our global customer base. With Robin’s vast knowledge and his experience leading security teams, I’m certain that we can achieve this.”

Prior to Egress, Bell served as Head of Application Services Group at Vodafone and was responsible for delivering and managing NHSMail – one of the largest on-premise deployments of Microsoft exchange in the world, which has subsequently migrated to Microsoft 365.

“At this time of heightened cybersecurity risk, it’s essential for cybersecurity businesses to look inwards and constantly evaluate their own security posture.” Bell explains. “There’s a tragic situation going on in Ukraine which we’re all very concerned about. The ramifications of it are far-reaching and business leaders, CISOs in particular, need to take this war-time situation seriously. Russia has stated that they will unleash cyber-attacks, particularly focused on the U.S. We’ve previously seen Russia target energy companies and wouldn’t be surprised to see cyber-attacks on critical infrastructure as well as banks and other large corporations. As these attacks are likely to focus on the American population at large, CISOs need to be proactive in their own teams preparedness and keep a close eye on wide reaching ransomware and phishing attacks.

My move from CIO to CISO at Egress is a natural evolution to meet this need and it reflects the importance of security for all organisations. The company already has a mature security program, but good security is not a one-time exercise – and Egress will continually strive to achieve the highest of standards and keep security at the heart of everything we do.”

News, Security

IT Leaders Say Employees Not Fully Prepared for Cyberattacks

Research by Egress Shows Human Activated Risks Comprise the Top Three Threats for Organisations

London, UK – 6th April 2022 – Egress, the leading provider of intelligent email security, today announced the results of its Human Activated Risk report, which revealed that over half (56%) of IT leaders say that their non-technical staff are only ‘somewhat’ prepared, or ‘not at all’ prepared, for a security attack. Six hundred IT security leaders across a broad range of industries were anonymously surveyed regarding their organisations’ security posture in this heightened threat environment. Add to this, 77% of respondents have seen an increase in security compromises since going remote 2 years ago, and there’s a continued significant risk to organisations.

Human activated risk is introduced by human behaviours or actions, through coercion by bad actors, human error or malicious intent. Technology can malfunction or not work as it’s supposed to, but in many cases, the fault is with the person operating it. Whether through carelessness, malicious intent, or being tricked by a third party, humans can knowingly and unknowingly create massive amounts of risk that security teams need to manage. The top attacks associated with Human Activated Risk seen by IT Leaders include, in order of rank:

  1. Accidental data loss via human error
  2. Employee spear phishing
  3. Business email compromise

The research results show that the top attacks or risks employees fall victim to are the result of human-activated risks, such as accidental data loss, malicious data exfiltration or falling victim to a phishing attack. The research found that 39% of IT leaders rely on the native protections offered by Microsoft 365 and Google to defend from inbound phishing attacks. What was also revealed is that more than 39% of organisations have 6 or more security solutions in place today, an approach that appears to be bringing more software in to address the problem and hoping it gets better rather than looking at the root cause.

Other significant research findings include:

  • 30% of IT leaders polled either don’t have or don’t know if their organisation has a solution to detect accidental data loss from misdirected emails.
  • 60% of respondents feel the active security solutions they have in place still presents them with a challenge.
  • Almost 30% of those polled (+/- 180 IT leaders) don’t understand what human activated risk is.

“Organisations are facing a formidable threat landscape, and the threat of cyber-attacks looms large”, explains Jack Chapman, VP of Threat Intelligence at Egress, “Against this backdrop, it’s alarming that most IT leaders, those responsible for protecting an organization against these threats, feel that employees aren’t fully prepared to deal with cyber-attacks. Coupled with the finding that human activated risk is the leading driver of security incidents, it’s clear that many organizations are in a vulnerable position, exposed to a wide range of serious cybersecurity threats. Organisations must build up their defences against attackers, provide proper training programs and also take meaningful action to tackle risks that originate from within – beginning with their people. Now is the time for organizations to re-evaluate their security posture and ensure that they are in a strong position to protect themselves and their people.”

News, Security

Egress Protect recognized by Expert Insights for industry-leading email encryption

Expert Insights names Egress Protect the ‘top email encryption solution for Office 365’.

London – 5th April 2022 – Egress Protect has been selected for the Expert Insights’ Best-Of Award for Encryption for the second year running. The leading provider of intelligent email security, Egress was recognised for its enterprise-grade encryption and seamless integration with Microsoft 365.

By being selected for this award, Egress Protect is championed for its use of secure, certified encryption to guard against data breaches. Used by major banks, leading law firms, global healthcare providers and governments, Egress Protect integrates seamlessly with Microsoft 365 to offer frictionless email encryption for both sender and recipient. Protect provides automatic encryption and user prompts for zero-user interaction in partnership with Egress Prevent. It also offers the option to empower users to initiate end-to-end encryption, using a low-friction Outlook add-in. Protect forms part of the Intelligent Email Security suite, reducing human activated risks caused by human error, malicious insiders, and inbound phishing attacks.

Best-Of award winners are chosen by Expert Insights’ editors, based on extensive research into each solution’s merits as a solution provider, customer reviews, and how they compare to their competitors. All recipients of these awards were specifically selected for their impressive features, strong capabilities, and positive user experiences. Expert Insights also takes into consideration pricing, target markets and the deployment process when selecting the top vendors.

“In today’s heightened threat environment, email encryption is a vital element of every organisation’s security stack,” explains Egress CEO Tony Pepper. “By making encryption easy for both senders and recipients, Protect provides that level of security organisations need to keep digital communications safe. We’re proud that Egress Protect has been recognised by Expert Insights for offering the highest level of protection.”

Learn more about Expert Insights’ Best-Of Awards here: https://expertinsights.com/insights/the-top-email-encryption-platforms/

For further information, please contact Jordan Brackenbury at PR@Egress.com

News, Wellbeing News

Egress named a Best Workplace for Wellbeing™ by Great Place to Work®

Prestigious listing highlights Egress’ commitment to employee wellbeing and work-life balance and adds to recent recognition as a Best Workplace in Tech and Best Workplace for Women.

London, UK – 17th February 2022 – Egress, the leading provider of intelligent email security, today announced it has been named as one of the UK’s Best Workplaces™ for Wellbeing for 2022. Celebrating Egress’ dedication to promoting wellbeing and work-life balance, this recognition is based entirely on anonymous employee feedback compiled by Great Place to Work, the leading authority on workplace culture and engagement. In addition to its recent inclusion on the 2021 Best Workplaces in Tech and Best Workplaces for Women lists, this commendation underlines Egress’ status as an employer of choice in the rapidly growing cybersecurity industry.

Egress has continuously invested in initiatives to prioritize employee wellbeing, including establishing an internal team of trained mental health first aiders and offering free counselling via its employee assistance programme. Other wellbeing benefits include flexible working, an enhanced maternity leave package and private medical insurance.

“At Egress, employee wellbeing is our top priority, so we’re proud to see our efforts recognised by Great Place to Work®” comments Laura Probert, Chief People Officer at Egress. “As organisations renew their focus on tackling burnout amid Covid and the Great Resignation, it’s vital that we continue to push the boundaries with initiatives that make a real difference to the lives of our people. Egress is going through a period of rapid growth, but we’ve shown that expansion doesn’t have to come at the expense of our people’s wellbeing. Egress is a place where people really care about our success and passion runs high, so creating a more autonomous culture that gives permission to also take time for ourselves has been a major contributor to our success.”

“Being better for people is better for business, especially in tough times,” explained Benedict Gautrey, Managing Director of Great Place to Work® UK. “When employees feel genuinely cared for, their loyalty, engagement and productivity improve. Happier people also become brand advocates for the business and will often go the extra mile to provide a positive experience for their clients and customers. We’re delighted to launch our first-ever UK’s Best Workplaces™ for Wellbeing list in 2022, shining a light on the 250 companies who have succeeded in ensuring staff experience high levels of wellbeing across the organisation. Hopefully this recognition and acknowledgement will inspire more workplaces to do the same in years to come.”