Google's email security changes could impact two-thirds of IT leaders
New research conducted by EasyDMARC reveals that due to specific changes in email security requirements all set to be inaugurated from April 2024, Google's decision to reject non-compliant email traffic temporarily could potentially affect two-thirds of IT decision-makers. This implies a risk of their organisations' emails being temporarily rejected.
The research engaged 1000 IT decision-makers spread across the US, UK, Europe, and Oceania to ascertain their views and familiarity with the new email security guidelines. The primary finding suggests that only 37% of the respondents have implemented Domain-based Message Authentication, Reporting & Conformance (DMARC), with less than half possessing familiarity with email authentication protocols.
Only 29% of respondents are aware of the impending changes to be made by Google and Yahoo. However, strikingly, 95% of respondents felt the security upgrades were a sound idea, with 98% forecasting at least a somewhat significant impact on reducing spam and improving business email operations.
While the benefits of the new standard are mostly acknowledged, a remarkable disparity exists in their application. While respondents mostly have a high confidence level in their organisation's email security measures, with 81% expressing trust in their organisations' abilities to protect against phishing and other cyber attacks, less than 15% claim a high familiarity with email authentication protocols. Only around 30% state they are somewhat familiar, while just under 40% have operationalised DMARC. Interestingly, close to 35% were unaware of their organisation's use of email security policies.
The rising problem is further accentuated by the findings that only 29% of respondents were aware of Google and Yahoo's changes in email authentication. Consequently, organisations that fail to comply with the changes risk their emails not reaching their intended recipients' mailboxes.
Although there is strong agreement in principle regarding the positive impact of the standards, there is a disconnect. The vast majority (82%) felt that email service providers were primarily responsible for email security. However, while 40% stated they were likely, and 19% said they would definitely consider implementing email authentication upon learning about the changes, just under a third (30%) asserted that the changes are unlikely to impact them or lead to changes in policy.
Notably, for over 22% of IT decision-makers, even a reduction in email deliverability in the months following the DMARC changes wouldn't be sufficient to prompt their organisation to implement email authentication. This indicates a substantial minority of organisations are unlikely to respond to the new rules despite the majority's support.
Gerasim Hovhannisyan, CEO of EasyDMARC, says, "While it's heartening to observe a significant consensus among IT professionals regarding these standards' potential impact, the disparity between recognition and implementation indicates a crucial requirement for improvement."
Hovhannisyan added that "DMARC protocols represent an unequivocal step towards bolstering email security, but if not executed or understood, they could have significant implications for business revenue. It's critical for email providers to intensify efforts towards raising the awareness about these changes and underscore the potential risks businesses face by not adhering to evolving cybersecurity standards."