EMEA IT security professionals are suffering under the pressure of email attacks

Every day, there are countless headlines in the world’s media documenting the damage of cyber attacks. It’s almost always the financial and reputational damage inflicted upon organisations that’s focused upon, rather than the human cost of these attacks.

  • Friday, 26th July 2019 Posted 5 years ago in by Phil Alsop

In order to find out more about this, Barracuda Networks carried out a study of 660 IT security professionals in organisations between 100 to over 5000 employees across the globe. Of those, almost 20% of responses (124) came from EMEA.

The results make worrying reading for businesses, suggesting that employee productivity is under considerable threat from email security attacks. At a time when organisations are looking to maximise budgets and resources, we discovered that 40% of IT professionals in EMEA consider email security attacks to have a negative impact on employee productivity.

The human element

According to the survey, EMEA IT teams receive more suspicious emails than the global average, with 7% receiving over 50 per day and a third (32%) receiving between six and 50 per day.

Although 44% of respondents agreed that very few (less than 10%) of the suspicious emails reported turn out to be fraudulent, the time taken to identify and respond to email reports on this scale is taking its toll on IT teams’ productivity. So much so, that the vast majority (81%) admitted spending over 30 minutes investigating and remediating each email attack, while 47% spend over an hour per attack.

It’s clear email attack management has created a significant overhead for EMEA organisations. Without the correct automated incident response tools in place to alleviate the stress and complexity of email attacks, the manual investigation and resolution time can only be expected to rise.

A rising concern outside of the workplace

Outside of the office, these attacks are also affecting the well-being of IT professionals at home. Over a third (38%) blame email attacks for increased stress at work, with senior IT leaders most likely to suffer this impact.

The same number (38%) admit to worrying about email attacks outside of work hours with 16% having to cancel personal plans due to email attacks. Additional stress comes from the potential reputation damage that comes from successful attacks, which 32% admit is a concern.

This stress is also reinforced by respondents lack of faith in their organisation’s security. Over half (52%) of EMEA respondents claim that their organisation’s security is unlikely to have improved in the last year, compared to the global average of 63%. The global results also identified EMEA as the region most likely to fall victim to spear phishing attacks, with 48% of EMEA organisations falling victim to spear phishing in the past twelve months.

The results found that the impact of spear phishing attacks on the reputation of organisations in EMEA is much higher compared to other regions; 39% of EMEA respondents reported damage to the reputation over the past year, compared to the global average of 27%.

Combine this with the fact that EMEA respondents believe their investment is lagging behind the rest of the world when it comes to dedicated spear phishing and automated incident response and we begin to see the worrying spot EMEA IT teams find themselves in.

But why is this the case? Especially since IT professionals know that successful security requires a combination of innovative technology and effective training.

A lagging region

Firstly, EMEA budgets are increasing at a much slower rate than the rest of the world. This could be attributed to the pattern of spending on email security, which shows that over half (54%) of EMEA organisations have not changed their spending over the past year, versus a global average of 45%, while only 39% have increased their spending (compared to 48% worldwide).

In addition to this, most organisations are also lacking correct security awareness training, with almost a quarter (23%) of EMEA respondents admitting that they have never received email attack training, compared to the global average of 17%. Less than a quarter (21%) of EMEA respondents had received sufficient email security training in the past three months. For context, in the US this number almost doubled at 39%.

Across the board EMEA IT security teams are lagging behind their global peers when it comes to email security, which is having a direct impact on the productivity and stress of their employees. Be it the right tools, the right training or more, it’s clear EMEA organisations have far to go to bridge the gap and turn their employees into an effective line of defence as part of a wider holistic email protection strategy.