A large number for IT managers believe email is more vulnerable to attack than it was five years ago.

According to new research from Mimecast, 64 percent of IT security professionals rate email as a major cyber security threat to the enterprise. What's worse, 65 percent believe they are unprepared or don’t have the tools to counter such threats.

The findings are contained in a survey of 600 IT decision makers surveyed in four locations: 200 each in the US and UK, and 100 each in Australia and South Africa.

Now to be fair, Mimecast has a vested interest in making everyone skittish about email. The company's  security, archiving and continuity cloud services are designed to protect business email and mitigate email risks.

But even in that context, the results of the survey are interesting. People seem to have very little trust in email — and 83 percent believe that email is one of the most common sources of cyber attacks.

Office 365 Problems

Orlando Scott-Cowley, director of Technology Marketing at Mimecast, said enterprises that have deployed Office 365 don't feel any more secure despite Microsoft's emphasis on security. The report showed that IT security decision makers using Office 365 recognize the threat that email poses and are just as likely as non-Office 365 users to view email as a high or extremely high threat to their organization (64 percent).

He also said Microsoft has been discouraging enterprises from bringing in third-party security layers for the Office 365 suite. Nonetheless, enterprises are likely to employ advanced email-related security tactics such as data leak prevention (69%), simulated security incidents (48%), and safe social engineering tests (48%).

“There is also a reasonable amount of worry around loss of data, whether an administrator make as configuration changes that results in the loss of data, or whether Microsoft does something that loses data, or someone does something in the enterprise," he said.

Why The C-Suite Should Care

One of the other striking findings is the roles of budget and C-Suite involvement — areas where the gap is widest between the most and least prepared respondents.

Learning Opportunities

Among the IT security managers who feel most prepared, five out of six say that their C-suite is engaged with email security.

Those security managers that feel secure are 2.7 times more likely to have a C-suite that is extremely or very engaged in email security. They are also 1.4 times more likely to see C-suite involvement in email is is appropriate and necessary.

But of all IT security managers polled, only 15 percent say their C-suite is extremely engaged in email security. About 44 percent say their C-suite is only somewhat engaged, not very engaged, or not engaged at all.

The report identified five types of IT security professionals

What should you do?

  • Keep watching traditional threats from malware and virus
  • Pull C-Suite executives in the security equation at all costs
  • More spend means more security
  • Upgrade email software to supported versions or move to cloud email
  • Examine all anti-malware and anti-virus options not just the standard offerings
  • Monitor internal threats as well as external ones
Title image "Headache" (CC BY-SA 2.0) by  Peter Hellberg