Mimecast, an email and collaboration security company, has released its "Behind the Screens" report. Mimecast spoke with leaders worldwide and from five sectors, including financial services, healthcare, the public sector, retail, and entertainment, to learn more about the C-suite and boards' current perceptions of cyber risk. The qualitative report digs deeper into their efforts to articulate risk and provides recommendations from the respondents on what leaders must do to work protected, even as cyberattacks proliferate.

Several highlights from the report include many CISOs (chief information security officers) recognising a knowledge gap on their boards, which places CISOs at a disadvantage when they need to prove ROI on cybersecurity initiatives.

In the face of economic volatility, when most companies around the world tighten their belts in every area of business, including marketing, sales, and general technology, it can introduce even greater cyber risk due to shadow IT or outsourcing to untrustworthy third parties. Most security leaders believe they need a budget increase of 10% to 20% and feel they are likely to get it. Hiring and retaining cybersecurity professionals has also become exponentially more difficult.

The report also added CISOs are being forced to scrutinise budgets and cybersecurity technology through the well-known "people, technology, and process" lens. Many organisations have experienced bloated or disconnected security environments over time, and security vendors must meet the needs of businesses that expect more or better functionality for the exact cost.

Mimecast says phishing protection is a team sport. “Phishing is one of the original cyberthreats, and it persists because attackers can continually adapt their approach. What’s more, automation tools and phishing kits are making it easier for a less skilled cybercriminal to cast a wider net, which can cause greater damage to businesses,” says the report.

“The C-suite has become attuned to creating a company-wide security culture, more specifically, investing in awareness training in tandem with layered cybersecurity frameworks to minimise the likelihood of a successful attack.”

“The modern work surface has led to a high volume of increasingly sophisticated attacks on organisations across Asia Pacific. Budgets are tight and there are continued skills challenges, yet the opportunity for CISOs to protect their organisations has never been better. We need to keep the link between cyber risk and business risk front of mind when speaking to the board. It’s also important to avoid the trap of a monolithic security provider by implementing layered, best-of-breed cybersecurity tools; and to secure against age-old threats like phishing with email protection and awareness training for employees,” says Garrett O’Hara, director for solutions engineering in APAC at Mimecast.

“Since 2003, Mimecast has stopped bad things from happening to good organisations by enabling them to work protected. We empower more than 40,000 customers to help mitigate risk and manage complexities across a threat landscape driven by malicious cyberattacks, human error, and technology fallibility. Our advanced solutions provide the proactive threat detection, brand protection, awareness training, and data retention capabilities that evolving workplaces need today. Mimecast solutions are designed to transform email and collaboration security into the eyes and ears of organisations worldwide."