State of Email Security Report 2021 – The Findings

Mimecast recently released its State of Email Security Report for 2021. The fifth edition of its annual report used interviews with over twelve hundred information technology and cybersecurity professionals across the globe to gather vital cybersecurity insights. The report offers an insight into the latest email threats along with advice on how to build cyber resilience and mitigate the risks of email-borne attacks.

In its report, Mimecast detected an upsurge in email-based cyber-attacks in the wake of COVID-19 with email-borne malware, phishing attacks, and ingenious social engineering tactics targeting a remote and disoriented workforce. To help you take stock, we’ve summarised the key findings of the report and the security challenges to think about in 2021 and beyond.

The Impact of the COVID-19 Pandemic

2020 saw businesses worldwide swap offices and meeting rooms for email, instant messaging, and video conferencing. Sensitive business information is now discussed across collaboration tools and extended email threads instead of face to face. Employees are adjusting to a new working environment with household distractions. And unfortunately, the swell of digital activity and uncertainty has presented cybercriminals with an unprecedented opportunity to take advantage. Some of the key trends attributed to the global pandemic in Mimecast’s State of Email Security Report include:

  • 64% increase in email-based cyberattacks.
  • 47% of survey respondents witnessed an increase in email spoofing activity.
  • Employees are three times more likely than before to click on malicious URLs.
  • Phishing has been the predominant threat, with 63% of respondents facing a surge in targeted malicious emails.
  • 51% of respondents reported an increase in Business Email Compromise attacks (BEC), a significant year-on-year rise.

The Rise of Ransomware

The impact of ransomware has been growing each year in Mimecast’s State of Email Security Report and is now affecting more businesses across all regions and industries than ever before. This year, almost 80% of survey respondents indicated that their companies had experienced setbacks in 2020 due to a lack of cyber preparedness, and ransomware was identified as the primary cause of these disruptions. In relation to ransomware, Mimecast reported:

  • Over 60% of companies were disrupted by a ransomware attack in 2020, a 20% increase on the previous year.
  • Businesses lost an average of six working days to system downtime, with over a third affected for a week or more.
  • More than half of ransomware victims paid the ransom, but a third never saw their data again.

The Lack of Cyber Preparedness

While most respondents either have email security systems in place or are looking to do so, many critical safeguards are lacking. A significant number of businesses are failing to monitor inbound and outbound threats, protect against data exfiltration, and remove malicious emails. While some companies have additional protections in place and are leveraging machine learning technology, many rely entirely on the safeguards provided by Microsoft 365 and are falling drastically short. This explains some of the key findings around cyber preparedness:

  • Almost 80% of companies were hurt by their lack of cyber preparedness.
  • 40% of respondents said their organisations fall short in one or more critical areas of email security, exposing employees to email-borne attacks.
  • 43% of companies believe that employee naivete is one of their greatest vulnerabilities.
  • Only one in five businesses have ongoing security awareness training in place.

The Need for a Cyber Resilience Strategy

While the pandemic seems to be slowing down, the threat of email-borne attacks is set to do no such thing. Cybercriminals will continue to exploit any and all vulnerabilities. That means focusing on employees who continue to work remotely as well as those transitioning back to the office. The chief deterrent is the scope and depth of a business’s cyber resilience strategy. Microsoft 365 is good, but a layered defence is much better. This is what gives companies the ability to prevent and adapt to new threats and quickly respond and recover from attacks.

44% of respondents already have a cyber resilience strategy in place and feel more confident in their ability to withstand email-borne attacks. It goes to show that building a holistic approach of layered email defences coupled with security awareness training is the best way to protect your business.

How to Protect Your Business

Over two-thirds of businesses are expecting a disruption due to an email security attack in 2021, which means it pays to be prepared. Mimecast’s State of Email Security Report can help you deliver continuous improvements to your cybersecurity posture moving forward into the post-COVID world.

If you want to bolster your defences, at InfoTrust, we offer a comprehensive approach to securing your email ecosystem. Contact us today to find out how we can help protect your business now and into the future.
