Nearly all companies were the target of phishing attacks in 2021, and most say these attacks are occurring more frequently, according to State of Email Security 2022, a global study released Tuesday by security firm Mimecast.
Worse, 75% of companies were hit by ransomware attacks during the past 12 months. Nearly 66% paid the ransom to get their data released, and more than 33% experienced downtimes of a week or more.
Companies experienced an average of 10 email and website spoofing attempts in the past year -- and 90% have seen data leaks and business email compromise attacks, although phishing is the most common email-borne threat, the study says.
Unfortunately, 90% of companies surveyed in the study say the security defenses provided by the Microsoft 365 productivity platform are insufficient.
On a positive note, 96% say their firms have begun -- or are well into the process of developing -- a strategy for cyber defense. And 90% deploy DMARC (Domain-based Message Authentication, Reporting and Conformance).
On average, firms allocate 14% of their IT budgets to security, but the respondents prefer to designate 17%.
Mimecast surveyed 1,400 information technology and cybersecurity professionals in 12 countries.