Mimecast’s The State of Email Security Report 2022 - The Findings

Mimecast has just released its sixth annual State of Email Security Report. The recent report shows 2021 as the worst year on record for cybersecurity, with increased apprehension over what is to come. However, the insights and takeaways from the report can help you to deliver continuous improvements to your cyber resilience strategy and to be better prepared for the challenges that lie ahead. In this key findings report, we will be using statistics specific to Australia. However, if you would like to find out the global statistics, you can download the report here.

Why Cyber Threats Escalated in 2021

Cybercriminals took advantage of organisations' reliance on email and collaboration tools during the COVID outbreak in 2020. The reliance on digital communication carried over into 2021 and cybercriminals stepped up their attacks in response. 

In 2021, email-based threats continued to evolve and became increasingly sophisticated. Phishing and Business Email Compromise (BEC) attacks were widespread. However, the cybersecurity threat that dominated was ransomware. As a result, the number of publicly reported data breaches soared past last year’s total and the global average cost of a data breach rose by 10%.

Key Findings in Australia

This year’s report focused on the dominance of ransomware, brand spoofing, and the importance of cyber resilience and security awareness training. The following summarises the findings in these core areas.

1. The Dominance of Ransomware

Ransomware attacks rose rapidly in Australia in 2021, up more than 10%, from 64% of respondents in 2020 to 77% in 2021, and it looks like this threat vector is here to stay. Ransomware was more pervasive for all countries and all industries than it was the previous year and analysts predict that the frequency of these attacks will continue to rise. 

There were some notable differences in the response to ransomware attacks in 2021 for different countries. In Australia, when faced with a ransomware attack, six out of ten companies paid the ransom, which is similar to the global average. However, 30% of these companies failed to recover their data, which is lower than the 39% global average. 

2. The Rise in Brand Spoofing and Impersonation

Online brand spoofing and impersonation rose persistently during 2021, with almost half of all participants reporting an upswell. In Australia, 59% of respondents reported misuse of their brand via spoofed email and 51% via spoofed web domains and websites.

The seriousness of the rising threat is shown by the increasing defences being put in place. Common measures include in-house or third-party services to detect instances of brand mimicry and counterfeit websites. Meanwhile, companies have been readying themselves to deal with attacks. Another growth area has been the use of Domain-Based Message Authentication, Reporting and Conformance (DMARC). 90% of Australian companies are making use of DMARC to protect their brands or plan to do so over the coming year. 

3. The Need for Cyber Resilience

This year’s report shows that companies are taking cyber resilience more seriously than ever before. In Australia, 95% of companies either have a cyber resilience strategy or are actively planning to put one in place. However, faced with the pervasiveness and perniciousness of current attacks, cybersecurity professionals have redefined what it means to be cyber resilient. With these new goalposts in mind, only 34% of Australian businesses currently have an effective strategy in place compared to 51% in 2020. 

One reason why companies have been slow to deploy cybersecurity measures and strategies has been budgetary limitations. Around 14% of IT budgets in Australia were allocated for cyber resilience, but respondents in Australia believe that 18% should be allocated. While this might not seem like a big difference, 93% of respondents felt the budget shortfall directly impaired their cyber resilience: 52% felt it resulted in a lack of investment in cybersecurity training and 51% felt they missed out on improvements to existing cybersecurity solutions. 

4. The Importance of Security Awareness

Even the most carefully planned cyber resilience strategy can fall short if a company’s employees are unprepared to respond to threats. Australia saw a higher than average increase across all email-related attacks: 58% email-related phishing, 50% BEC, and 50% internal threats or data leaks, which makes security awareness training fundamental.

More than 80% of respondents believe their company is at risk due to inadvertent data leaks by careless or negligent employees. However, even though a large percentage of security breaches involve some degree of human error, it is unfair and unreasonable to blame the people who committed those errors. The real issue is whether they were properly prepared to deal with those threats. In Australia, only 23% of companies provide cyber awareness training to their employees on an ongoing basis, although 85% offer it at least once a quarter.

How to Prepare for Future Security Challenges 

It is not only things in the physical world that need protection. As we work and live in a digital economy, digital assets must be guarded too. Whether it is account numbers, customer information or transaction data, everything has value. Unmonitored email, unencrypted data, and untrained employees are a big invitation to cybercriminals. To be prepared for the future, you need not only to be aware of the threats but also to build the cyber resilience to deal with them.

To find out more about the business risks, download the 2022 State of Email Security Report. Alternatively, to find out how we can help you to secure your email ecosystem, contact InfoTrust today.
