
    Human Risk and AI in the State of Email and Collaboration Security

    As concern over human risk management and generative AI grows, Mimecast’s The State of Email & Collaboration Security Report 2024 depicts a dramatic rise in cyber preparedness

    by Kiri Addison

    Key Points

    • Human risk is today’s biggest cybersecurity gap and remains largely unaddressed.
    • Email remains the number-one attack vector for cybercriminals, and phishing attacks remain the top threat to email users.
    • A key reason for the accelerated spread of phishing and ransomware is the emergence of generative AI, which makes it easier for threat actors to perpetrate successful attacks.
    • Bad actors are taking advantage of the rapid spread and growing reliance on collaborative software, which expands an organization’s attack surface.

    The rising need to address human risk management and security awareness training among users across the organization provides the backdrop for Mimecast’s recently released The State of Email & Collaboration Security Report 2024 (SOECS 2024). Based on interviews with 1,100 CISOs and other information technology professionals from numerous industrial sectors and six countries, the report documents the precise nature of these risks and the steps that are being taken to overcome them.

    This year’s findings confirm that human risk is today’s biggest cybersecurity gap and remains largely unaddressed. Meanwhile, email remains the number-one attack vector for cybercriminals, and phishing attacks remain the top threat to email users. 

    A key reason for the accelerated spread of phishing and ransomware is the emergence of generative AI, which makes it easier for threat actors to perpetrate successful attacks by better mimicking real emails. Generative AI eliminates many of the grammatical and spelling errors that were once easily spotted red flags in malicious emails.

    This eighth annual study — expanded for 2024 to include the risks associated with collaboration tools — is heartening, however, as it demonstrates a dramatic rise in cyber preparedness among businesses worldwide.

    Human Risk

    A full 74% of those surveyed for the Mimecast SOECS 2024 report state their cyber breaches are caused by human factors — errors, stolen credentials, misuse of access privileges or social engineering.

    Additionally, 75% of SOECS 2024 respondents say their company is at risk of inadvertent data leaks by careless or negligent employees. More than two-thirds believe employees are putting the organization at risk through the misuse of email, oversharing company information on social media, and careless web browsing. Yet, only 15% of companies provide cyber awareness training to their employees on an ongoing basis.

    Email and Phishing Attacks

    Email remains the number-one attack vector for cybercriminals, and phishing attacks remain the top threat to email users. 41% of SOECS 2024 participants experienced more email-based threats in the past 12 months, and 38% see the growing sophistication of these attacks as their biggest email security challenge in 2024. Eight out of 10 companies have been the victims of ransomware, while 75% state they paid the ransom.

    Spending Constraints

    SOECS 2024 respondents also shared that on average, 9% of their organization’s IT budget is allocated to cybersecurity vs. the 12% they’d like to see allocated for cyber preparedness. These spending constraints mean that more than one-third (35%) say they have been blocked from investing in cybersecurity solutions apart from those provided by Microsoft 365.

    Microsoft 365

    Protections provided by the Microsoft software suite have significant limitations without the use of additional non-native security tools. One-third of respondents say M365’s native security protections were unable to prevent malware (37%), spam (33%), or phishing (33%) attacks. And 32% said that, by themselves, the M365 security apps couldn’t block business email compromise and spoofing attacks against their company.

    Generative AI

    A full 80% of those surveyed are concerned about new threats posed by AI. Yet, 86% believe they will be able to respond to an AI-spawned attack as readily as any other incursion.

    Collaboration Tools

    Bad actors are taking advantage of the rapid spread and growing reliance on collaborative software, which expands an organization’s attack surface. 70% of survey respondents say collaboration tools pose urgent new threats. 69% think it is likely, extremely likely, or even inevitable that their company will be harmed by a collaboration tool-based attack. Despite the dangers, 37% of respondents say their companies are only relying on the native security protections included in their collaborative software.

    The Bottom Line

    While many challenges persist and funding shortfalls remain an issue, cyber preparedness is a glimmer of hope for cybersecurity professionals. Organizations need to evolve continually and must bring human risk management to the forefront of their efforts. For a complete, in-depth breakdown of the topics discussed here, read Mimecast’s The State of Email & Collaboration Security Report 2024.
