If you live and breathe info security, you’re undoubtedly familiar with the many sobering statistics that chronicle the persistent challenges of email security and phishing attacks:
- 90% of all cyberattacks begin with a phishing attack ( Verizon Data Breach Report)
- $3.9 Million is the average cost of a data breach ( IBM)
- 34% of businesses hit with malware took a week or more to regain access to their data ( Kaspersky)
But beyond these alarming statistics remain a number of open questions about how organizations are preparing for and responding to this evolving threat landscape.
Specifically, we wanted to better gauge how phishing and email security is perceived and prioritized by the various enterprise stakeholders – from the C-Suite executives to the frontline defenders, such as incident responders and security operation center (SOC) analysts. So, in partnership with Osterman Research we commissioned a cross-industry survey of 252 security professionals from the United States and the United Kingdom and today released the findings in a new detailed report entitled: The Phishing Prevention Perception Gap: Robust Email Security Requires Alignment Between Security Practitioners and Decision Makers.
The Disconnect Between Decision Makers and Security Practitioners
Through the study we uncovered a variety of trends and observations around how these different roles assess the risk of email security, how their time is spent responding to the most common email threats, whether they are leveraging new automation tools and technologies to detect and mitigate attacks, and insights into other key quantitative metrics aimed at benchmarking their capabilities.
Perhaps most notably, the survey revealed that a serious disconnect exists between how decision makers (i.e., CISOs, CIOs and CEOs), and security practitioners (i.e., IT managers and directors, security architects and security operations analysts) perceive phishing prevention. In summation, the survey found that decision makers are four times more likely than security practitioners to consider email security the highest priority, suggesting that security personnel believe that they have a sufficient handle on phishing prevention while the C-Suite sees substantial business risk.
Survey Shows Phishing Takes a Long Time to Detect
Beyond the reported disconnect, the survey also found that for a surprisingly large number of organizations, detecting a phishing attack takes a relatively long time, with 67% of respondents reporting that it took them six minutes or longer to identify and remediate a phishing email. Given that it takes less than 90 seconds for most users to click on a phishing link and introduce a threat into the network environment, this demonstrates the need for organizations to adopt & automate real-time threat intelligence.
Moreover, the survey identified another disconnect between security decision makers and security practitioners when asked about how much time is being spent during a typical week by the security team investigating, detecting, or remediating phishing email attacks. On average, decision-makers underestimate the amount of time required by practitioners to deal with phishing, suggesting that the C-Suite may not appreciate all that is required of practitioners in their daily routine of addressing these threats.
Machine Learning and Artificial Intelligence on the Horizon
When it comes to comprehending the issue of how these organizations are currently using or plan to leverage new technologies such as Artificial Intelligence and Machine Learning to accelerate the detection of email threats, almost half (49%) of respondents said that they are currently using some form of machine learning while almost three-quarters of those surveyed (71%) reported that they are using some form of automation. Interestingly, there is a disconnect as well between the C-Suite and practitioners when asked about machine learning and AI with a higher percentage of execs reporting that they are using these advanced technologies than the practitioners who actually use the tools.
These highlights represent just a small sample of findings from this comprehensive and eye-opening survey. Be sure to download a free copy of our anti-phishing study and contact us to learn about how our award-winning self-learning email security platform is reducing risk for thousands of companies worldwide.