A shocking 65% of companies were hit with an email breach within the last 12 months, and the number could be as high as 80% among infrastructure firms. And we can expect more, given the lack of confidence and preparedness, judging by the 2024 Report: Email Security Threats Against Critical Infrastructure Organizations, a study from OPSWAT, conducted by Osterman Research.
Email is the primary attack vector for cyber threats, with attacks taking place through phishing attempts, malicious links, and harmful attachments.
Worldwide, 48% of organizations lack confidence in their existing email security defenses. And 63.6% do not feel that their approach to email security is “best in class.”
"This lax approach from survey respondents emphasizes the need to adopt a zero-trust mindset," says Yiyi Miao, chief product officer at OPSWAT. "The prevalence of email-related breaches poses a significant threat to critical infrastructure organizations, necessitating a shift to a stronger, prevention-based perimeter defense strategy against established communication and data exchange channels."
advertisement
advertisement
The bigger the firm, the greater the threat. Companies with 5,000 employees are at the highest risk.
Here are the main types of attacks:
In terms of feeling secure, things have improved in North America, where 54% of firms express low confidence versus 77% who had little confidence 12 months ago. But that’s still above the worldwide average.
Still, North America outranks the EMEA region when it comes to compliance with email security regulations: 75% feel they comply, and 34% strongly agree.
In contrast, 70% agree in EMEA, with 28% who strongly agree. APAC beats everyone, with 78% saying they comply, and 38% saying they strongly agree.
The big obstacles to email security? They are:
The big threats going forward? In North America, they are:
OPSWAT surveyed 250 respondents in IT and security leadership roles in March 2024.