90% of Cyberattacks Start with an Email – How to Reduce the Risk in Your Company?

Phishing is a type of cyberattack in which attackers impersonate trusted sources to steal sensitive information. Most commonly, this occurs via email – employees receive messages prompting them to click on a link, open an attachment, or provide access credentials, as if the requests came from colleagues, management, or trusted service providers.

Email is one of the primary tools in a company’s daily operations, which makes it the most frequently exploited attack channel. The high volume of incoming messages, routine workflows, and automatic trust in internal communication create an environment where phishing emails can appear legitimate, are easier to fall for, or go unnoticed as potential threats.

Cyberattacks are becoming more targeted and technically sophisticated. Fake emails, links, and attachments are often almost indistinguishable from legitimate ones. Phishing remains effective because attackers deliberately use psychological pressure: urgency, impersonation of trusted institutions or colleagues, emotionally framed messages, and visually convincing designs that prompt quick action without careful consideration. The statistics are clear – approximately 90% of cyberattacks start with a phishing email, meaning a single careless click can put an entire company’s IT environment at risk.

In Latvia, the scale of fraud also remains high. Data from the financial sector for the period January 1 to November 30, 2025, shows that prevented fraud cases exceeded €12.7 million, while over €10.9 million was lost in cases where clients themselves approved the payments. These figures clearly demonstrate that technology alone is not enough to fully protect a company – the actions of employees are often the decisive factor.

While firewalls, email filters, and other security solutions are essential components of protection, they cannot prevent every threat. There always comes a point when the most critical security element is the employee – their ability to spot suspicious senders, evaluate links, and question unexpected requests.

This is why more and more companies are focusing on practical employee training based on realistic phishing scenarios. This training is not a one-time event or limited to a specific period – it consists of regular, ongoing exercises that help employees continuously evaluate each email, train critical thinking, and strengthen a security-conscious culture throughout the organization. Over time, this significantly reduces the likelihood that a phishing attempt will escalate into a real security threat.

Phishing will not disappear – on the contrary, emails will become more convincing and better tailored to individual recipients. The question is not whether a company will encounter it, but how well-prepared employees will be to handle such situations. Companies that invest in employee training and reinforce daily security habits significantly reduce both financial and reputational risks over the long term.

Baltijas Informācijas Tehnoloģijas offers employee cybersecurity training and regular phishing simulations based on realistic attack scenarios, helping staff learn to recognize threats in their daily work. If you would like more detailed information about BIT’s cybersecurity services, contact us at +371 67819981 or by email at support@bit.lv.