Australian executives more concerned, engaged with email security issues than overseas peers: Mimecast

Australians are more worried about email security than their peers in comparable countries and fully half of IT decision-makers believe their organisations are more vulnerable to attack than they were 12 months ago, according to new survey results that also found Australian businesses are more concerned about email breaches causing reputational damage than about the actual loss of data.

The figures – collated in Mimecast's Email Security Uncovered survey of 600 IT decision-makers in the US, UK, South Africa and Australia – also found that 40 percent and 39 percent of Australian respondents felt unprepared to deal with malicious insider attacks and the compromise of mobile devices, respectively.

The numbers suggested that concerns about email security have permeated the C-level far more in Australia than in other countries, with 95 percent of respondents saying C-level executives were engaged with email security and risk-management practices – compared to 89 percent in South Africa and 74 percent in the UK. Australia was the only of the four surveyed markets to report that no C-suite executives were 'not at all engaged' with email security.

This may be explained by the finding that 55 percent of Australian respondents have experienced an email hack or breach – compared with 30 percent in South Africa, 26 percent in the UK, and 24 percent in the US.

Such breaches were particularly flagged for their potential to damage companies' reputations, a concern that was named by 53 percent of South African respondents and 52 percent of Australians; by contrast, just 48 percent of US companies and 34 percent of UK companies that felt reputational damage was the biggest risk from an email breach.

That's a significant finding given that the Mimecast respondents reported that 37 percent of security breaches costed them more than $US1 million ($A1.4m), approximately equal to the 39 percent of breaches that costed less than $US100,000 ($A140,000).

Despite their impact, the report noted that experience gained during attacks “can be a key tool to inform strategies to combat future threats” and noted that IT security managers with direct experience in handling an attack generally felt more exposed to email threats than their peers with no direct experience.

“IT security managers who have direct, recent experience with an email hack are more open-minded in the threats that give them pause,” the report observes, noting that respondents without direct experience of a hack ranked viruses and malware as their top email security concerns – while those who did have that experience were more concerned about issues such as social engineering, inappropriate content, and cyber-bullying and harassment.

The analysis categorised IT managers based on their past experience with hacks or breaches, as well as their confidence in their own security, and found just 19 percent were 'equipped veterans' who have experienced breaches and were ready for the next attack. Some 28 percent were 'battle-scarred' who had experienced an attack and weren't prepared for the next breach, 6 percent were 'nervous' and feel “totally unequipped” to handle a breach.

The largest single group of IT decision-makers – comprising some 31 percent of respondents – was labelled as 'apprehensive', who have no experience with a hack and don't feel prepared to deal with one. A further 16 percent were 'vigilant' – suggesting they had never experienced a hack or breach but felt ready to do so should one occur.

The research also found that Australians were more concerned about ransomware than their overseas peers, with 34 percent rating ransomware as a high threat compared to 25 percent in the US and 18 percent in South Africa. This is consistent with ongoing reports suggesting that ransomware authors are particularly targeting Australians with schemes designed to exploit Australians' relative wealth and technological nous.

With data increasingly being stored in the cloud, it’s critical to be able to evaluate and manage the security of cloud solutions. Dropbox's Solutions Architect team are teaming up with the Symantec Information Protection group to discuss the latest industry best practices.

Register here for the February 25th webinar on* Managing enterprise cloud security.

Read more: How responsible are employees for data breaches and how do you stop them?

Join us at the CSO Perspectives Roadshow in March.

CSO is proud to present our international keynote speakers: Robert Lentz, former CISO of US Department of Defense discussing the evolution of Cyber Security and Graham Cluley, world- renown IT Security blogger and Analyst (UK) on the rise of Malware in our age. We will also be featuring our Security Awareness stream, where you will hear from the likes of NAB and ANZ, as they discuss the importance of staff and customer security awareness programs. We will have up to 18 different interactive Security Exchange discussions on a variety of different topics for you to choose from as you build your personalised agenda for the day. Join CSO for a day of networking with your peers, engaging and discussing topics relevant to you, hearing from some of the top worldwide IT Security leaders in the market and attending the exhibition floor to win some amazing prizes.

Join the CSO newsletter!

Error: Please check your email address.

Tags MimecastAustralian executivesDavid BraueIT decision-makersemail securitydata lossCSO Australiasecurity issues

More about CSODropboxIT SecurityMimecastNABSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place