Mimecast Research Charts

Mimecast Customer Research

64% of Organizations Have Employees that Aren’t Enthusiastic about Security Awareness Training

How enthusiastic are your employees about your security awareness training?

Very Enthusiastic: 5%

Somewhat Enthusiastic: 22%

Neutral: 35%

Not Very Enthusiastic: 24%

Resistant - Very Unenthusiastic: 5%

We do not conduct security awareness training: 9%

Mimecast Customer Research

Sales is the Department Most Likely to Make Careless Mistakes

Which internal department of your organization is most likely to make a careless security mistake?

Sales: 25%

Executives: 15%

Support Staff: 15%

Finance: 13%

Operations: 13%

Marketing: 6%

Engineering: 2%

Other: 10%

Mimecast Customer Research

Short & More Frequent Trainings are a Best Practice that Most Aren’t Following

In general, how long is each training session?

30-60 minutes: 27%

15-30 minutes: 20%

5-15 Minutes: 14%

We don’t conduct security awareness training: 14%

1+ Hours: 12%

Less Than 15 Minutes: 10%

Other: 4%

Mimecast Customer Research

59% of Organizations Conduct Awareness Training Quarterly or Less Often!

How often do you conduct security awareness training?

Annually: 37%

Quarterly: 22%

Monthly or more frequently: 15%

On an as needed basis when we have a security incident: 13%

We don’t conduct security awareness training: 9%

Only at time of hire: 5%

Mimecast Customer Research

Most Awareness Training Programs are Created In-House

What solution do you use for security awareness training?

We create our own security awareness training: 53%

We do not conduct security awareness training: 11%

Mimecast Awareness Training (formerly Ataata): 8%

Wombat: 5%

SANS: 3%

Cofense: 2%

Ninjio: 0%

Other: 18%

Mimecast Customer Research

The Jury is Out on the Effectiveness of Service Providers’ Use of Threat Intelligence

Do you believe that your service providers are sufficiently using threat intelligence to protect your business?

I Don't Know: 43%

Yes: 43%

No: 14%

Other: 1%

Mimecast Customer Research

Human Error – Both Directly & Via Phishing Are #1 & #2 Biggest Security Risks!

What do you believe is your biggest risk when it comes to cyber security?

Human errors: 39%

Phishing/email-borne threats: 35%

Vulnerability management/Patching: 11%

Insider threats: 9%

Detecting malware: 4%

I Don't Know: 2%

Other: 1%

Mimecast Customer Research

Organizations Have a Long Way to Go to Get the Most from Their Security Products

Do you feel you have operationalized all of your security products 100% in order to protect your organization?

Yes: 18%

No: 67%

I Don't Know: 15%

Mimecast Customer Research

Human Error & Phishing are the Top Perceived Security Risks

What do you believe is your biggest risk when it comes to cyber security?

Human errors: 39%

Phishing/email-borne threats: 35%

Vulnerability management/Patching: 11%

Insider threats: 9%

Detecting malware: 4%

Mimecast Customer Research

Respondents are Looking for Actionable Threat Intelligence

What do you believe is missing from currently available threat intelligence services?

I Don't Know: 35%

Recommended defensive actions that you should take: 32%

Detail about how a threat might impact your organization: 20%

Attacker Attribution: 7%

Nothing: 6%

Other: 1%

Mimecast Customer Research

Respondents are Split on the Effectiveness of Service Providers’ Use of Threat Intelligence

Do you believe that your service providers are sufficiently using threat intelligence to protect your business?

Yes: 43%

I Don't Know: 42%

No: 14%

Other: 1%

Mimecast Customer Research

SIEMs are the #1 Threat Intelligence Management Platform in Use

What tool/platform are you using to collect and manage threat intelligence?

I am not collecting threat intelligence: 39%

SIEM: 32%

Threat Intelligence Management Platform: 13%

Other: 7%

Microsoft Excel: 5%

A Custom Database: 4%

SOAR: 0%

Mimecast Customer Research

Proactively Addressing Attacks is the #1 Value of Threat Intelligence Feeds

What value do your threat intelligence feeds provide?

Proactive risk/attack mitigation: 41%

I do not use threat intelligence feeds: 30%

Detections of a current or past compromise: 16%

Profiling of threat actor tools and techniques: 4%

Context for a threat investigation: 4%

Brand protection: 3%

Other: 1%

Mimecast Customer Research

86% of Organizations Use 3 or Fewer Free Threat Intelligence Feeds

How many free intelligence feeds do you have today?

0: 41%

1-3: 45%

3-5: 9%

5+: 5%

Mimecast Customer Research

91% of Organizations Use 2 or Fewer Paid Threat Intelligence Feeds

How many paid threat intelligence feeds do you have today?

0: 50%

1-2: 41%

3-5: 8%

5+: 2%

Mimecast Customer Research

The Majority of Organizations Have Very Small or No Threat Intelligence Management Teams

How many members of your team are dedicated to the collection, management, and use of threat intelligence?

0: 31%

1-3: 58%

4-5: 5%

5+: 6%

Mimecast Customer Research

50% of Respondents Don’t Use Commercial Threat Intelligence Feeds

How many paid threat intelligence feeds do you have today?

0 Paid Intelligence Feeds: 50%

1-2 Paid Intelligence Feeds: 40%

3-5 Paid Intelligence Feeds: 8%

5+ Paid Intelligence Feeds: 2%

Mimecast Customer Research

61% of Respondents Would Value the Integration of Web Security with the Mimecast Secure Email Gateway

How much would you value a web security solution that is tightly integrated with the Mimecast Secure Email Gateway with Targeted Threat Protection?

Not valuable: 5%

Somewhat valuable: 19%

Neutral: 32%

Valuable: 29%

Very valuable: 13%

Other: 2%

Mimecast Customer Research

Regarding web security, my organization currently uses a:

A mix of on-premises and cloud-based solution: 37%

On-premises web security solution: 32%

Cloud-based web security solution: 27%

None: 4%

Mimecast Customer Research

The primary reason my organization requires web filtering is to:

Block access to malicious web sites: 69%

Support acceptable web use policies: 22%

Log historical access to web sites visited: 1%

Other: 8%

Mimecast Customer Research

Corporate Issued Mobile Devices Require Protection When Off the Corporate Network

How important would it be to protect corporate-issued mobile devices with the same web security system and policies that apply on your corporate network?

Not important: 6%

Somewhat important: 21%

Neutral: 14%

Important: 38%

Very important: 21%

Mimecast Customer Research

Organizations Have Many Key Requirements for Their Web Security Systems

Please select the features of a web security system that are important to you

Blocking malicious web sites with high efficacy	97%
Inspection of file downloads suspected of containing malware	93%
Having control of site(location), user, and group-specific policies	80%
Having a comprehensive reporting dashboard	76%
Capability to extend web security to devices when they are off the corporate network	75%
100% uptime SLA for the web security service	71%
Historical web access audit logging	70%
Fast deployment and setup (Less than 60 minutes)	56%
Integration with Mimecast Secure Email Gateway with Targeted Threat Protection	47%

Mimecast Customer Research

42% of Respondents See Integration with Mimecast SEG as a Key Value!

How much would you value a web security solution that is tightly integrated with the Mimecast Secure Email Gateway with Targeted Threat Protection?

Not valuable: 5%

Somewhat valuable: 19%

Neutral: 32%

Valuable: 29%

Very valuable: 13%

Other: 2%

Mimecast Customer Research

The Transition to the Cloud is Underway, But Has a Way to Go

Regarding web security, my organization currently uses a:

A mix of on-premises and cloud-based solution: 37%

On-premises web security solution: 32%

Cloud-based web security solution: 27%

None: 4%

Mimecast Customer Research

No Surprise, But Security is #1 Reason for Web Filtering!

The primary reason my organization requires web filtering is to:

Block access to malicious web sites: 69%

Support acceptable web use policies: 22%

Log historical access to web sites visited: 1%

Other: 8%

Mimecast Customer Research

Only 11% of Organizations Agree that O365 Alone Provides Sufficient Email Security

The email security provided by Microsoft Office 365 on its own is sufficient.

Strongly disagree: 21%

Disagree: 41%

Neutral: 27%

Agree: 7%

Strongly agree: 4%

Mimecast Customer Research

83% of Organizations Saved Hours of IT Time Every Month Since Deploying Internal Email Protect

Since deploying Mimecast Targeted Threat Protection Internal Email Protect, approximately how many hours of IT time do you save per month?

0 hours: 17%

1-10 hours: 49%

11-20 hours: 23%

21-30 hours: 6%

30+ hours: 6%

Mimecast Customer Research

Credential Harvesting Attacks are Running Rampant

In the last 12 months has your organization encountered threats caused by attackers infiltrating and compromising your users’ email accounts?

Yes: 51%

No: 49%

Mimecast Customer Research

The primary reason my organization decided to deploy Mimecast’s Targeted Threat Protection – Internal Email Protect was we:

Experienced security incidents that involved attackers compromising our employees’ email credentials and then accessing our email systems to spread the attack: 33%

Were concerned that we were not sufficiently monitoring our internal or outbound email: 33%

Required the capability to continuously monitor inbound file attachments and have them removed if they were found to be malicious post-delivery: 17%

Other: 11%

Had incidents where our employees were sending sensitive data via email in violation of organizational policy or causing a data breach: 4%

Needed to remediate and remove emails that were sent internally via email: 2%

Mimecast Customer Research

84% of Internal Email Protect Users Would Recommend it to Their Peers

I would recommend Mimecast Targeted Threat Protection – Internal Email Protect to my peers.

Strongly disagree: 4%

Disagree: 1%

Neutral: 12%

Agree: 38%

Strongly agree: 46%

TechValidate Research on Mimecast

38 Charts – Page 1 of 2

64% of Organizations Have Employees that Aren’t Enthusiastic about Security Awareness Training

Sales is the Department Most Likely to Make Careless Mistakes

Short & More Frequent Trainings are a Best Practice that Most Aren’t Following

59% of Organizations Conduct Awareness Training Quarterly or Less Often!

Most Awareness Training Programs are Created In-House

The Jury is Out on the Effectiveness of Service Providers’ Use of Threat Intelligence

Human Error – Both Directly & Via Phishing Are #1 & #2 Biggest Security Risks!

Organizations Have a Long Way to Go to Get the Most from Their Security Products

Human Error & Phishing are the Top Perceived Security Risks

Respondents are Looking for Actionable Threat Intelligence

Respondents are Split on the Effectiveness of Service Providers’ Use of Threat Intelligence

SIEMs are the #1 Threat Intelligence Management Platform in Use

Proactively Addressing Attacks is the #1 Value of Threat Intelligence Feeds

86% of Organizations Use 3 or Fewer Free Threat Intelligence Feeds

91% of Organizations Use 2 or Fewer Paid Threat Intelligence Feeds

The Majority of Organizations Have Very Small or No Threat Intelligence Management Teams

50% of Respondents Don’t Use Commercial Threat Intelligence Feeds

61% of Respondents Would Value the Integration of Web Security with the Mimecast Secure Email Gateway

Corporate Issued Mobile Devices Require Protection When Off the Corporate Network

Organizations Have Many Key Requirements for Their Web Security Systems

42% of Respondents See Integration with Mimecast SEG as a Key Value!

The Transition to the Cloud is Underway, But Has a Way to Go

No Surprise, But Security is #1 Reason for Web Filtering!

Only 11% of Organizations Agree that O365 Alone Provides Sufficient Email Security

83% of Organizations Saved Hours of IT Time Every Month Since Deploying Internal Email Protect

Credential Harvesting Attacks are Running Rampant

84% of Internal Email Protect Users Would Recommend it to Their Peers