65 percent of global businesses ill-equipped to defend against email-based cyber-attacks
Watertown, MA – Mimecast (NASDAQ: MIME), the email security, email continuity and email archiving cloud company, today released the results of its new global research study: Mimecast Business Email Threat Report 2016, Email Security Uncovered. The survey of 600 IT security professionals shows that while 64 percent regard email as a major cyber-security threat to their business, 65 percent don’t feel fully equipped or up to date to reasonably defend against email-based attacks. One-third of respondents also believe their email is more vulnerable today than it was five years ago.
Email continues to be a critical technology in business, and the threat of email hacks and data breaches looms large over IT security managers. Consequently, confidence and experience with previous data breaches and email hacks play key parts in determining a company’s perceived level of preparedness against these threats and targeted email attacks.
Of the 600 surveyed, just 35 percent feel confident about their level of preparedness against data breaches. Of the 65 percent who don’t feel fully prepared against future potential attacks, nearly half experienced such attacks in the past, indicating that they don’t feel any more protected following an attack than they did prior.
This is also reflected in the few steps taken toward widespread email security. Although 83 percent of all respondents highlight email as a common attack vector, one out of ten report not having any kind of email security training in place. Among the least-confident respondents, 23 percent attest to lacking any supplementary security measures.
“Our cyber-security is under attack and we depend on technology, and email in particular, in all aspects of business. So it’s very disconcerting to see that while we might appreciate the danger, many companies are still taking too few measures to defend themselves against email-based threats in particular,” said Peter Bauer, chief executive officer, Mimecast. “As the cyber threat becomes more grave, email attacks will only become more common and more damaging. It’s essential that executives, the C-suite in particular, realize that they may not be as safe as they think and take action. Our research shows there is work still to be done to be safe and we can learn a lot from the experience of those that have learnt the hard way.”
Budget and C-suite involvement were the biggest gaps found between the most and least prepared respondents. Among the IT security managers who feel most prepared, five out of six say that their C-suite is engaged with email security. However, of all IT security managers who were polled, only 15 percent say their C-suite is extremely engaged in email security, while 44 percent say their C-suite is only somewhat engaged, not very engaged, or not engaged at all.
Those who feel better prepared to handle email-based threats also allocate higher percentages of their IT security budgets toward email security. These IT security managers allocate 50 percent higher budgets to email security compared to managers who were less confident in their readiness. From these findings, the data points to allotting 10.4 percent of the total IT budget toward email security as the ideal intersection between email security confidence and spend.
Mimecast found that five distinct “personas” emerged among the respondents, and characterized them into a Cyber-Security Shiver Grid based on their levels of email security and perceptions of data breach confidence: the Vigilant (16 percent), Equipped Veterans (19 percent), Apprehensive (31 percent), Nervous (6 percent) and Battle-Scarred (28 percent). Altogether, a majority of the IT security managers – totaling 65 percent, comprising the apprehensive, nervous and battle-scarred respondents – feel unprepared to manage email-based attacks.
Other key findings of the survey include:
- The top 20 percent of organizations that feel most secure are 250 percent more likely to see email as their biggest vulnerability.
- Confident IT security managers are 2.7x more likely to have a C-suite that is extremely or very engaged in email security. They are also 1.6x more likely to see C-suite involvement in email security as extremely or very appropriate.
- The least confident IT security managers are more likely to be using Microsoft’s Exchange Mail Server 2010, which ended mainstream support in January 2015. The most confident managers are more likely to use the up-to-date Exchange Server 2013.
- 70 percent of IT professionals that have recently and directly experienced an email hack employ internal safeguards, such as data leak prevention or targeted threat protection.
- Apprehensive IT security professionals are more likely to be found in smaller (fewer than 500 employees) firms than larger ones (32 percent to 18 percent, respectively).
- Fewer than half (48 percent) of IT security managers in smaller firms feel confident and well-prepared for tackling email security threats, compared to larger companies.
This study was created by Mimecast and March Communications, and facilitated by Vanson Bourne, during late 2015. It surveyed 600 IT security decision makers from the USA (n=200), the UK (n=200), South Africa (n=100) and Australia (n=100) on their companies’ level of email security, IT preparedness and confidence in defending against cyber threats, as well as past experiences with data breaches and email hacks. The overall margin of error is ± 4 percent at the 95 percent confidence level.
Mimecast makes business email and data safer for 16,200 customers and millions of employees worldwide. Founded in 2003, the Company's next-generation cloud-based security, archiving and continuity services protect email and deliver comprehensive email risk management in a single, fully-integrated subscription service. Mimecast reduces email risk and the complexity and cost of managing the array of point solutions traditionally used to protect email and its data. For customers that have migrated to cloud services like Microsoft Office 365, Mimecast mitigates single vendor exposure by strengthening security coverage, combating downtime and improving email archiving.
Mimecast Email Security protects against malware, spam, advanced phishing and other emerging attacks, while preventing data leaks. Mimecast Mailbox Continuity enables employees to continue using email during planned and unplanned outages. Mimecast Enterprise Information Archiving unifies email, file and instant messaging data to support e-discovery and give employees fast access to their personal archive via PC, Mac and mobile apps.