Financial institutions are the targets of one in five (20.64 per cent) phishing attacks, according to recent statistics.
The data was compiled by Kaspersky Lab between May 2012 and late April 2013, and followed a global survey completed in spring this year that emphasised the importance of vulnerability management.
Some 37 per cent of banks and other finance firms polled were the victims of a phishing attack at least once in the last 12 months.
"It's no surprise that banking and e-commerce has attracted unwanted criminal attention," the organisation explained.
"Even a successful attack on search pages, social networks or email can only yield personal data."
According to the company, cyber criminals need to find buyers for this personal information in order to turn a profit, while phishing attacks are much better for achieving quick gains.
Fake online banking or shopping pages can, if used successfully, act as a more direct route to financial rewards, the firm said.
Kaspersky Lab's Global Corporate IT Security Risks survey in May revealed the average cost of a 'serious' security incident is US$649,000 (AU$702,800) for a large company and $50,000 for a small to medium-sized business.
Phishing attacks were judged to lead to the loss of sensitive information between five and six per cent of the time.