Today, we launched our new Mimecast Business Email Threat Report 2016. The survey of 600 IT security professionals shows that while 64 percent see email as a major cyber-security threat to their business, 65 percent also feel ill-equipped or too out-of-date to reasonably defend against email-based attacks.
Email continues to be a critical technology in business, and the threat of email hacks and data breaches looms large over IT security managers. Consequently, confidence and experience with previous data breaches and email hacks play key parts in determining an organization’s perceived level of preparedness against these threats. Alarmingly, one-third of survey respondents believe email is more vulnerable today than it was five years ago.
We depend on technology, and email in particular, in all aspects of our work and personal lives. So, it’s very disconcerting to see that while we might appreciate the danger, many companies are still taking too few measures to defend against email-based threats. Budget and C-suite involvement were the biggest gaps found between the most and least prepared respondents. Among the IT security managers who feel most prepared, it’s not a surprise to me that their C-suite is most engaged with email security. But the results show that the reality for a large number of them is that their C-suite is only somewhat engaged, not very engaged, or not engaged at all.
As the cyber threat becomes more potent, email attacks will become more common and more damaging. It’s essential that executives, the C-suite in particular, realize they may not be as safe as they think and take action. They need to get engaged with email security planning and preparation, and allocate time, focus and budget.
Those who feel better prepared to handle email-based threats also allocate higher percentages of their IT budgets to email security. We estimate from our research that security confidence is achieved when you assign over 10% of your IT budget to email security.
Finally, our research report also identifies five distinct security ‘personas’, inspired by the data, that we can all learn from. We call them Vigilant, Equipped Veteran, Apprehensive, Nervous and Battle-Scarred. For more information on the differences between these personas – including budget allocations, levels of C-suite involvement and the top attack vectors they worry about – download our E-book summary of the research here.