Cyber threats are hitting business leaders hard

Cyberattacks are growing increasingly sophisticated, with 97% of companies being targeted by email-based phishing attacks in 2022.

That is the finding of Mimecast's 2023 State of Email Security report. This increase in cyber threats is having a real impact on business leaders, the company says, showing that "cyber risk is not just an IT problem, but a critical vulnerability for the organisation".

The most prevalent attacks highlighted in the report are phishing, ransomware and spoofing. Phishing was found to be the most widespread, especially among large enterprises with more than 10,000 employees, where 73% reported a significant rise in phishing attempts. Smaller businesses were affected more severely, although two-thirds reported falling victim to ransomware.

There were ten top takeaways in the SOES report, each one representing a key insight or recommendation for businesses to take on board:

Cyber attacks are the biggest business risk - there’s no risk quite like cyber risk. It’s feared by businesses more than inflation or climate change, and it’s no wonder, with the world standing to lose $8 trillion this year.

Securing email is fundamental - email is the primary attack vector because it’s the easiest route of entry for cybercriminals. Businesses are using email more, seeing more email-based threats and expecting more serious consequences as a result.

Collaboration tools are risky - as collaboration tools are used more regularly by modern businesses, collaboration-tool-based attacks are on the rise. Threats posed by the tools urgently need to be addressed.

Cyber awareness training is fundamental - with phishing attacks relying on deception, providing ongoing and engaging training is vital to mitigate the risk. Fostering a culture of cyber awareness is a fundamental part of cyber security.

DMARC is vital to prevent spoofing - nearly every company is getting spoofed; taking advantage of the domain-based message authentication, reporting and conformance (DMARC) protocol is a vital defence.

The protection offered by productivity suites isn’t enough - businesses can’t depend solely on security provided by the likes of Microsoft 365; they need to implement additional layers of protection to protect against malicious email attachments.

Insurance policies don’t equal prevention - it makes financial sense to insure against cyber risk, but it isn’t the same as prevention. Cyber preparedness is the only way to actually reduce cyber risk.

AI can offer many benefits - as cybercriminals are using AI to boost ransomware, phishing scams and more, businesses should use AI and next-gen technology to fight back. Benefits include more accurate threat detection and better threat blocking.

More budget is needed - cybersecurity budgets are frequently falling short. While corporate boards are finally paying attention to cybersecurity, many other priorities often stand in the way of cybersecurity getting the funding it needs.

The C-suite is taking cybersecurity more seriously - CISOs finally have an opportunity to highlight cyber risk and to make a case for greater cyber resilience. While there will be more scrutiny, there is a chance to improve cyber posture.