In today's world, cybercrime is becoming more sophisticated, and corporate phishing occupies one of the leading places in this process. Despite the awareness of cyberattack methods, many companies remain vulnerable to fraud.

From January to March 2025, 30 thousand incidents in the field of information security were recorded in Kazakhstan — 2 times more than in the same period last year.

Specialists from Bitrix24 Kazakhstan, a leading developer of IT systems for businesses, conducted a survey to find out whether Kazakhstanis are ready to face virtual threats in the office environment.

Corporate phishing is a type of cyber—attacks on a specific company or organization through employees in order to steal corporate data and access to closed systems.

According to the survey, 52% of respondents had experienced attempts at hacking or identity theft, while 22% noted similar attempts regarding work data. This highlights that corporate phishing is becoming an increasingly common threat.

Scammers use various communication channels to achieve their goals. They most often use mobile communications (53%) and instant messengers (28%). In corporate phishing, attackers also use emails. At the same time, 29% of respondents consider email to be the most secure channel, which may indicate a lack of awareness about modern phishing methods.

Interestingly, 42% consider mobile communications to be the least secure, which coincides with data on its popularity among scammers. Moreover, 53% noted that they prefer not to pick up the phone when calling from an unknown number, as they are afraid of running into scammers or listening to advertising offers.

59% of organizations do not have an official cybersecurity policy.

Employee training plays a key role in protecting against phishing, but only 35% of companies conduct such training among respondents. Moreover, phishing tests to check employee awareness are conducted in only 28% of organizations. This indicates significant gaps in staff training to counter cyber attacks.

Summary: Corporate phishing poses a serious threat to businesses, and companies must take proactive measures to protect their data. For example, using a corporate messenger significantly reduces the risk of cyber attacks. A modern working messenger is a closed multispace that has data encryption, biometrics for logging in, a mobile application, and two—factor authorization. A simple solution helps save your data and reputation.

It is also important to implement a cybersecurity policy, regularly train employees, and conduct phishing tests. In an environment where 50% of employees do not know where to turn in the event of a cyber attack, raising awareness is becoming a critical step towards security.

The survey was conducted on the Yandex.Vzglyad site among 1,000 respondents in May 2025.