The State of Human Risk: Email and Collaboration Threat Protection

The need to address human risk inside today’s organizations is the overwhelming top priority for cybersecurity teams in 2025. It is also the main theme of Mimecast’s recently released ninth annual report on the state of the industry, this year aptly titled The State of Human Risk 2025.

Each year, Mimecast conducts a survey of CISOs and other cybersecurity professionals to gain an understanding of the problems they are facing and the issues that are their priority for the coming year. For 2025’s report, we surveyed 1,100 IT security and IT decision makers from the United States, United Kingdom, France, Germany, South Africa, and Australia. A range of private and public sectors were covered, including healthcare, retail, finance, manufacturing, and utilities.

Email and Collaboration Threat Protection

One of the focus areas of this year’s report is a subject that remains a very important focus for security teams of all sizes in virtually all industries around the globe – email and collaboration threat protection. Recent Garter research has demonstrated that a single successful ransomware attack can result in a loss of $17.6M.

Collaboration platforms like Slack, Zoom, and Microsoft Teams, along with email tools, have become engrained in how employees interact on a daily basis and have also become a vital part of how they collaborate to complete their tasks. Unfortunately, however, cybercriminals know how much these collaboration tools are being used and target these everyday interactions between employees in order to compromise organizations. This turns employees into unwitting participants in cyberattacks.

In fact, while email remains the most exploited entry point for attackers, collaboration tools are a growing attack surface, with a 7% increase in attacks over 2024. This makes it imperative for organizations to adopt AI-powered email and collaboration tool security solutions. AI tools not only secure email and collaboration platforms but also improve staff productivity by intercepting sophisticated threats before they cause a breach. These AI-powered technologies are designed to adapt to attackers’ evolving tactics, protecting even the most careful employees from falling victim. 

The growing threat to collaboration platforms should set off alarm bells, not just for IT and security teams, but for companies as a whole. Organizations need to act fast to stay ahead of these threats.

For example, deploying a human risk management platform can assist with collaboration tool security by integrating with Slack's API to capture a complete record of all messages, including edits and deletions, allowing for comprehensive monitoring, data loss prevention, and ediscovery capabilities by providing a searchable archive with AI-powered analysis to detect sensitive information and potential compliance violations within Slack conversations. An HRM platform acts as a centralized control point to enforce data security policies across the collaboration platform.

Sophisticated Business Email Compromise Attacks

Another area in which attacks are on the rise is business email compromise (BEC), which is experiencing a significant increase in frequency and sophistication, largely due to the growing availability of AI tools that enable more personalized and convincing phishing campaign. Sophisticated BEC attacks are more damaging and harder to detect. Gartner recently reported that even small businesses with less than $2B in revenue can experience BEC attacks that can cost up to $30M. 

AI is also essential for combating BEC as it adapts to evolving threats. But security teams must integrate AI with proven methods. The challenge is for security teams to manage and tune vast amounts of data, while threat actors continuously change their techniques, requiring detections that do not rely on signatures or heuristics.

Email and Collaboration Security Survey Results

The results of our survey pain a very vivid picture of where organizations stand with email and collaboration security. A full 95% of respondents are expecting to see email security challenges in 2025, and 44% of survey respondents confirm they have seen an increase in collaboration tool threats over the last 12 months.

Further evidence of an increase in collaboration tool threats includes the fact that 61% of respondents say that it is inevitable or likely that their organization will suffer a negative business impact from an attack linked to a collaboration tool in 2025. Additionally, 79% agree the use of collaboration tools within their organization poses new threats and security loopholes that urgently need to be addressed, and 67% agree that most native collaboration tool security is insufficient to meet their needs.

There is a silver lining in our results, though, as 60% say their organization has a formal cybersecurity strategy that spans all key business functions, which is up from 48% in 2024, and 96% say that the adoption of a formal cybersecurity strategy has improved their organization’s risk level overall.

In more good news, 38% of organizations stated their cybersecurity practices are completely effective in protecting employees and their supply chain, and 37% said the same of protecting their customers. In addition, 48% felt their cybersecurity practices were mostly effective in protecting employees and customers, and 46% said the same for their supply chain. That leaves a minority with the belief that they are not completely or mostly effective in protecting their employees (14%), customers (15%), and supply chains (16%), respectively.

The Bottom Line

While we are seeing some great improvements in how organizations are dealing with email and collaboration tool security threats, there has never been a time for security teams to be more vigilant in deploying and maintaining AI-powered security tools, coupled with a human risk management platform and human-centric security awareness training. Learn more by reading the full State of Human Risk 2025 report.