Ponemon Institute surveyed 650 IT and IT security professionals to understand the challenges organizations face in protecting end-users from email threats, such as impersonation attacks. While 79 percent say their organizations experienced a serious data breach or cyberattack during the past 12 months, only 29 percent are taking significant steps to prevent phishing and email impersonation. However, 65 percent are likely to implement an automated DMARC enforcement solution if it stopped impersonation attacks.
The following findings illustrate the disconnect between concerns about email threats and fraud and the lack of action taken by companies represented in this study.
- Eighty percent of respondents are very concerned about the state of their companies’ ability to reduce email-based threats, but only 29 percent of respondents are taking significant steps to prevent phishing attacks and email impersonation.
- Only 27 percent of respondents say they are very confident that their organization knows all of the vendors and services that are sending email using the organization’s domain name in the “From” field of the message.
- Companies have complex email environments. On average, companies in this research have more than 1,000 employees, six servers and 15 cloud-based services that send email on their behalf. However, only 41 percent of respondents say their organizations have created a security infrastructure or plan for email security.
- Despite the ineffectiveness of anti-spam and anti-phishing filters, they have been the primary solution for preventing email impersonation cyberattacks. Sixty-nine percent of respondents say their organizations use anti-spam or anti-phishing filters and 63 percent of respondents say they use these technologies to prevent impersonation attacks.
- Companies are not spending enough to prevent email-based cyberattacks and fraud. While there is a sense of urgency among respondents to address the numerous threats against their email systems, only 39 percent of respondents say their organizations are spending enough to protect email from cyberattacks and fraud.