Commissioned by OPSWAT
Released September 2024
Executive summary
Organizations in critical infrastructure sectors operate under heightened warnings of cyberattack due to their control of physical infrastructure that wreaks havoc on economic, financial, and health systems when compromised. While warning levels are increasingly high, efficacy at protecting the most common attack vector— email—is low. Most organizations have been breached in the past 12 months (multiple times), half lack confidence in their current protections, and most know their approach is not best in class. With the level of threat posed by email attacks expected to increase over the next 12 months, critical infrastructure organizations intent on strengthening their email security posture must take a dramatic approach that emphasizes prevention and preclusion of email-borne threats. The data in this survey is drawn from a global audience of organizations in critical infrastructure sectors.