Forty one per cent of firms do not have a formal policy process in place to measure their vulnerability to security attacks and assess their security requirements. More worryingly, 57% of firms have no formal processes in place for regularly measuring the performance and effectiveness of their current email security policy.
Although security software or services are in use – with many companies having some anti-virus, anti-spam and/or content filtering measures in place - all 182 respondents reported that they still felt their business was at risk from security threats.
Online fraud scams (36%), spam (34%), and Remote Access Trojans (31%) were seen as significant ongoing threats, while spyware was cited by over half as a major concern (54%). Eighteen per cent were even concerned about Denial-of-Service attacks, which could effectively grind business operations to a halt for a period, with potentially catastrophic affects on business performance and finance.
The fear of the cost of clean up post security attack prompts over two-thirds (64%) of companies to invest in email security. Other companies are promoted to invest in security to protect the confidentiality of their information (56%), to ensure business continuity and productivity (54%), and to ensure the reliability of communications (49%).
Despite increasing regulatory pressures, less than one-fifth of companies were greatly concerned with deploying email security measures to aid compliance with legislation. Given that 16% of businesses have already experienced a Human Resource or legal case in which email content was a crucial factor in the evidence, this suggests that businesses need to wake up to the reality of business risks from email.
However, with respondents split down the middle in terms of awareness of the legislation that requires archiving of email content – 51% claimed to be aware or very aware of the legislation, while 49% not very aware or not at all aware – it is perhaps more a case of blissful ignorance that keeps email compliance worries from the top of the priority list.
Interestingly, regardless of gaps appearing in businesses’ approach to protecting against email risk, two-thirds believe that they take a holistic approach to email security. However, regardless of the increasing business risk and burden associated with protecting and managing email, only 16% already outsource their email security and management to an expert third party provider, while a large proportion (63%) state that they will always keep it in-house.
Commenting on the results, Mark Sunner, Chief Technology Officer at MessageLabs, said, “Clearly concerns about email security concerns continue to run high. But while companies are well aware of the threats that they face, many are not paying sufficient attention to the full array of implications that a lack of comprehensive security protection can have to the business.
“Aside from the likely impact to business continuity and productivity, today’s email security threats have the potential to lead to unauthorised access to or distribution of valuable or sensitive company data. Such disclosure may not only contravene legislation, but may cause irreparable damage to a company’s credibility, reputation and competitiveness. Just as prevention is better than cure, comprehensive email management and security solutions offer companies business protection and confidence in their security, protecting them against unknown security attacks and breaches of confidentiality, fostering a safer working environment.”
“To mitigate the risk effectively, UK firms must put email security on the top of the board room agenda. They need to adopt a more holistic approach to email security management and put stringent, formalised policy procedures in place alongside technology measures. There is no doubt that, despite the current desire to maintain in-house control of email management, as the burden of email management continues to grow, more businesses will be won over by the benefits of outsourcing to a proactive managed service provider.”
* A copy of the full survey results is available at: http://www.messagelabs.com/survey
MessageLabs is the world's leading provider of email security and management services with more than 10,000 clients and offices in eight countries. For more information, please visit http://www.messagelabs.com
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.