Only 10% of UK IT security pros feel breaches start with an email

While almost two-thirds (64 percent) of IT security professionals regard email as a serious threat to their business, 65 percent feel unequipped to defend themselves against email-based attacks. Eighty-three percent feel email is one of the top sources of attack.

Mimecast conducted a survey that studied 600 global IT security pros from the US, the UK, South Africa and Australia. Only 35 percent are confident about their preparedness level against data breaches. Nearly half of those who don't feel prepared have previously experienced attacks.

One-third (200) of the professionals surveyed were based in the UK. Only 10 percent of UK respondents felt that email was the number one entry point for attack. The biggest fears of an email breach in the UK were data loss/sensitive data leak (54 percent), brand reputation damage (20 percent) and compliance failure (12 percent). Malware, viruses and insider data leakage were discovered to be the top three email security threats.

Meanwhile, the biggest threats to an organisation's email were downtime (28 percent), cyber-criminals (23 percent) and malicious insiders (17 percent). Over half (51 percent) of UK respondents don't feel prepared to cope with malicious insider attacks, over one-third for mobile device compromise or malware (35 percent) and over a quarter for spear-phishing or targeted email attacks (27 percent).

The study also found that the top 20 percent of all the global organisations that feel the most secure are 250 percent more likely to see email as their largest vulnerability. 

Orlando Scott-Cowley, cyber-security Strategist at Mimecast, commented: “Organisations need to wake up and realise that email is still the easiest route into their business for hackers. Email allows cyber-criminals to target individual employees with malicious links, weaponised attachments and social engineering. Most hacks start with an email and greater protection and rigorous employee training programmes are now required."