Australians are more worried about email security than their peers in comparable countries and fully half of IT decision-makers believe their organisations are more vulnerable to attack than they were 12 months ago, according to new survey results that also found Australian businesses are more concerned about email breaches causing reputational damage than about the actual loss of data.
The figures – collated in Mimecast's Email Security Uncovered survey of 600 IT decision-makers in the US, UK, South Africa and Australia – also found that 40 percent and 39 percent of Australian respondents felt unprepared to deal with malicious insider attacks and the compromise of mobile devices, respectively.
The numbers suggested that concerns about email security have permeated the C-level far more in Australia than in other countries, with 95 percent of respondents saying C-level executives were engaged with email security and risk-management practices – compared to 89 percent in South Africa and 74 percent in the UK. Australia was the only of the four surveyed markets to report that no C-suite executives were 'not at all engaged' with email security.
This may be explained by the finding that 55 percent of Australian respondents have experienced an email hack or breach – compared with 30 percent in South Africa, 26 percent in the UK, and 24 percent in the US.
Such breaches were particularly flagged for their potential to damage companies' reputations, a concern that was named by 53 percent of South African respondents and 52 percent of Australians; by contrast, just 48 percent of US companies and 34 percent of UK companies that felt reputational damage was the biggest risk from an email breach.
That's a significant finding given that the Mimecast respondents reported that 37 percent of security breaches costed them more than $US1 million ($A1.4m), approximately equal to the 39 percent of breaches that costed less than $US100,000 ($A140,000).
Despite their impact, the report noted that experience gained during attacks “can be a key tool to inform strategies to combat future threats” and noted that IT security managers with direct experience in handling an attack generally felt more exposed to email threats than their peers with no direct experience.
“IT security managers who have direct, recent experience with an email hack are more open-minded in the threats that give them pause,” the report observes, noting that respondents without direct experience of a hack ranked viruses and malware as their top email security concerns – while those who did have that experience were more concerned about issues such as social engineering, inappropriate content, and cyber-bullying and harassment.
The analysis categorised IT managers based on their past experience with hacks or breaches, as well as their confidence in their own security, and found just 19 percent were 'equipped veterans' who have experienced breaches and were ready for the next attack. Some 28 percent were 'battle-scarred' who had experienced an attack and weren't prepared for the next breach, 6 percent were 'nervous' and feel “totally unequipped” to handle a breach.
The largest single group of IT decision-makers – comprising some 31 percent of respondents – was labelled as 'apprehensive', who have no experience with a hack and don't feel prepared to deal with one. A further 16 percent were 'vigilant' – suggesting they had never experienced a hack or breach but felt ready to do so should one occur.
The research also found that Australians were more concerned about ransomware than their overseas peers, with 34 percent rating ransomware as a high threat compared to 25 percent in the US and 18 percent in South Africa. This is consistent with ongoing reports suggesting that ransomware authors are particularly targeting Australians with schemes designed to exploit Australians' relative wealth and technological nous.
With data increasingly being stored in the cloud, it’s critical to be able to evaluate and manage the security of cloud solutions. Dropbox's Solutions Architect team are teaming up with the Symantec Information Protection group to discuss the latest industry best practices.
Register here for the February 25th webinar on* Managing enterprise cloud security.
Join us at the CSO Perspectives Roadshow in March.
CSO is proud to present our international keynote speakers: Robert Lentz, former CISO of US Department of Defense discussing the evolution of Cyber Security and Graham Cluley, world- renown IT Security blogger and Analyst (UK) on the rise of Malware in our age. We will also be featuring our Security Awareness stream, where you will hear from the likes of NAB and ANZ, as they discuss the importance of staff and customer security awareness programs. We will have up to 18 different interactive Security Exchange discussions on a variety of different topics for you to choose from as you build your personalised agenda for the day. Join CSO for a day of networking with your peers, engaging and discussing topics relevant to you, hearing from some of the top worldwide IT Security leaders in the market and attending the exhibition floor to win some amazing prizes.