2024 State of Email & Collaboration Security

    Human Risk and AI: Framing the Future

    The need to address human risk management, email and phishing attacks, and generative AI among users across organizations of all types provides the backdrop for Mimecast’s SOECS 2024 report. Based on interviews with 1,100 CISOs and other information technology professionals from numerous industrial sectors and six countries, the report documents the precise nature of these risks and the steps that are being taken to overcome them.

    SOECS 2024 Mock-up spread diagonal.png

    Human Risk

    Human risk and error are today’s biggest cybersecurity gap and remains largely unaddressed.

    Email + Phishing Attacks

    Email remains the number-one attack vector for cybercriminals, and phishing attacks are the top threat to email users.

    Generative AI

    The rise of phishing and ransomware is due to the emergence of generative AI, making it easier for threat actors to launch successful attacks.

    Stat 1.svg

    of all cyber breaches are caused by human factors

    Nearly three-quarters of all cyber breaches are caused by human factors — errors, stolen credentials, misuse of access privileges or social engineering.

    Stat 2.svg

    of organizations experienced more email-based threats

    Eight out of ten of those companies have been the victims of ransomware, while 75 percent state they paid the ransom.

    Stat 3.svg

    are concerned about new threats posed by AI

    Generative AI eliminates many of the grammatical and spelling errors that were once easily spotted red flags in malicious emails.

    More Key Topics

    In addition to the stats above, the report addresses key topics from cybersecurity professionals working tirelessly to protect their organizations.

    icon_BCircle_empower.png

    Human Risk Management

    More than two-thirds believe employees are putting the organization at risk through the misuse of email, oversharing company information on social media, and careless web browsing.

    HumanRisk.jpg
    icon_BCircle_AT.png

    Security Awareness Training

    Only 15 percent provide security awareness training to their employees on an ongoing basis. 38 percent see the growing sophistication of attacks as their biggest email security challenge.

    awarenesstraining.jpg
    icon_BCircle_visibility.png

    Spending Constraints

    Nine percent of IT budgets go to cybersecurity, vs. the desired 12 percent that IT professionals would like to see for cyber preparedness. One-third report being blocked from investing in cybersecurity solutions outside of Microsoft 365 offerings.

    spending.jpg
    icon_BCircle_Microsoft.png

    Microsoft 365

    One out of three found M365's native security protections couldn't stop malware (37 percent), spam (33 percent), or phishing (33 percent) attacks. They also noted the M365 security apps couldn't block business email compromise and spoofing attacks.

    Microsoft365.jpg
    icon_BCircle_Colab_Security.png

    Collaboration Tools

    Seven out of ten say collaboration tools pose urgent new threats and think they will be harmed by a collaboration tool-based attack. 37 percent say they are relying on native security protections included in their collaborative software.

    collaboration.jpg
    HumanRisk.jpg
    awarenesstraining.jpg
    spending.jpg
    Microsoft365.jpg
    collaboration.jpg
    21BLOG_1.jpg

    Combat Human Risk

    Human risk remains the leading contributor to security breaches, with individuals facing increasingly tailored attacks regularly. By equipping your team with Mimecast's cybersecurity education, they evolve into proactive contributors to your security strategy.

    Get the Full Report

    Organizations need to evolve continually and must bring human risk management to the forefront of their efforts. For a complete, in-depth, read Mimecast’s The State of Email & Collaboration Security 2024 report.

    Discover threats with advanced security from Mimecast

    Start your free 30-day scan today to uncover all the threats that Microsoft misses.

    Back to Top