New research from cloud-based email management firm Mimecast, Inc. has found that a majority of global businesses are ill-equipped to defend against email-based cyberattacks.

The study: Mimecast Business Email Threat Report 2016, Email Security Uncovered, surveyed 600 IT security professionals and found that while 64 percent consider email a serious security threat to businesses, some 65 percent feel they are not fully equipped to defend against those very same attacks.

Remarkably, despite rapid progression in defense mechanisms, one-third of those surveyed said that they believe their email is more vulnerable today that it was five years ago.

Only 35 percent feel confident about their level of preparedness against data breaches, and of the 65 percent who said they are not adequately prepared against potential attacks, close to half had experienced such attacks in the past, showing that despite experiencing the damage such attacks can cause, for various reasons their ability to defend against them has not improved.

Eighty-three percent of those surveyed said that in their experience email was a common attack vendor, and yet 10 percent said that within their enterprise there was zero email security training in place, with a further 23 percent lacking any supplementary security measures.

Budget and C-suite involvement were the biggest gaps found between the most and least prepared respondents, according to the report.

Five out of 6 IT security managers who felt most prepared said their C-suite is engaged with email security, however only 15 percent say their C-suite is extremely engaged in email security with a further 44 percent saying they were somewhat engaged, not very engaged, or not engaged at all.

Other notable results from the report included that the least confident IT security managers are likely to be using Microsoft’s Exchange Mail Service 2010, which Microsoft ended support of in 2015, while the most confident were using Exchange Server 2013; 70 percent of those surveyed had recently and directly experienced a targeted email hack and had to employ internal safeguards, such as data leak prevention or targeted threat protection; and only 48 percent of IT security managers in smaller firms feel confident and well-prepared for tackling email security threats.

Ongoing risks

“Our cybersecurity is under attack and we depend on technology, and email in particular, in all aspects of business,” Mimecast Chief Executive Officer Peter Bauer said in a statement sent to SiliconANGLE. “So it’s very disconcerting to see that while we might appreciate the danger, many companies are still taking too few measures to defend themselves against email-based threats in particular.”

“As the cyber threat becomes more grave, email attacks will only become more common and more damaging. It’s essential that executives, the C-suite in particular, realize that they may not be as safe as they think and take action.”

A full copy of the report is available here.

Image credit: intelfreepress/Flickr/CC by 2.0