The State of Email Security: 2019 Report Australian and global key results


The third-annual Mimecast State of Email Security report provides insights from 1,025 global IT decision makers. As cybercriminals continue to use email as a primary vehicle to steal data and deliver advanced threats, the results of this research provide valuable insights and trends around what’s affecting organisations the most and how they can improve their overall security posture.

The information below show Australian results split into four key categories:

  1. E-mail

“Security breaches don’t just slow you down, they have a direct impact on your business.”

  • 94% of respondents experienced phishing attacks in 2018 (globally 94%, and 55% saw this type of attack increase year over year)
  • 87% experienced email-based spoofing of business partners or vendors (globally 88%)
  • 63% saw an attack where malicious internal email was spread from one infected user to other employees (globally 71%, up from 64% last year).
  • Business-disrupting ransomware attacks have increased, with more than half (51%) experiencing an attack that directly impacted the business operation (globally 53%, up 26% from a year ago)
  • In Australia (59%) and globally, the average downtime from a ransomware attack is 3 days, the same as last year. Nearly one in ten (9.8%) Australian firms reported that they have experienced ransom attacks with 6-7 days downtime.
  1. Awareness Training

“Awareness training needs serious attention, improvement and investment.” The most widely used method at 68% (globally 62%) for awareness training happens in a group session. Is that the most timely or engaging method?

  • 99% of respondents offer cybersecurity awareness training (globally 98%)
  • 66% conduct cyber awareness training quarterly or even less frequently (51% globally). 10% only conduct training once or on an ad hoc basis (globally almost 10%)
  • 35% cited data loss (globally 39%) due to lack of cyber resilience preparedness, 22% stated financial loss (globally 27%)
  1. Threat Intelligence

“If you’re just looking at indicators of compromise after they’ve already infiltrated your organisation, it’s not enough. While some organisations understand that automating the consumption of threat intelligence into existing systems for maximum protection is key, many still aren’t there.”

  • 41% see threat intelligence as extremely important (globally 44%), 32% say it’s important (globally 39%) and 56% note it’ll be extremely important in the next 12 months (globally 55%)
  • 85% of survey respondents are already using in-house or third-party threat intelligence sources (globally 90%)
  • Research shows that six in 10 respondents (61%) are using email security systems that provide threat intelligence data to their security teams in some capacity (globally 58%).
  1. Cyber Resilience

“Playing defence only won’t cut it; in 2019 and beyond, you’ve got to be prepared for the worst,”

  • Less than half of businesses (46%) have a cyber resilience strategy (globally 46.2%)
  • 86% noted it is inevitable that their organisation will suffer a negative business impact resulting in an email-based attack in 2019 (globally 86%)
  • 100% recognise that upon suffering an email-based attack, it’s critical or important to maintain email uptime (globally 98%)

The report can be downloaded here: