Email Security Awareness is High—Preparedness Is Not
Despite risk awareness, many businesses are ignoring critical cyber-issues. Case in point: Although 83% of IT staff highlight email as a common attack vector, one out of 10 reports not having any kind of email security training in place.
That’s according to Mimecast’s Email Security Uncovered global research study, which also shows that while 64% regard email as a major cybersecurity threat to their business, 65% also feel ill-equipped or too out of date to reasonably defend against email-based attacks. One-third of respondents also believe email is more vulnerable today than it was five years ago.
Email continues to be a critical technology in business and the threats of email hacks and data breaches loom large over IT security managers. Consequently, confidence and experience with previous data breaches and email hacks play key parts in determining a company’s perceived level of preparedness against these threats and targeted email attacks.
But, among the least-confident respondents in the survey, 23% attest to lacking any supplementary security measures.
Overall, just 35% feel confident about their level of preparedness against data breaches. Of the 65% who feel unprepared against future potential attacks, nearly half experienced such attacks in the past, indicating that they don’t feel any more protected following an attack than they did prior.
“Our cybersecurity is under attack and we depend on technology, and email in particular, in all aspects of business,” said Peter Bauer, CEO, Mimecast. “So it’s very disconcerting to see that while we might appreciate the danger, many companies are still taking too few measures to defend themselves against email-based threats in particular. As the cyber threat becomes more grave, email attacks will only become more common and more damaging.”
Budget and C-suite involvement were the biggest gaps found between the most and least prepared respondents. Among the IT security managers who feel most prepared, five out of six say that their C-suite is engaged with email security. However, of all IT security managers who were polled, only 15% say their C-suite is extremely engaged in email security, while 44% say their C-suite is only somewhat engaged, not very engaged, or not engaged at all.
“It’s essential that executives, the C-suite in particular, realize that they may not be as safe as they think and take action,” said Bauer. “Our research shows there is work still to be done to be safe and we can learn a lot from the experience of those that have learnt the hard way.”
Those who feel better prepared to handle email-based threats also allocate higher percentages of their IT security budgets toward email security. These IT security managers allocate 50% higher budgets to email security compared to managers who were less confident in their readiness. From these findings, the data points to allotting 10.4% of the total IT security budget toward email security as the ideal intersection between email security confidence and spending.
Photo © deepadesigns
Source: Information Security Magazine