Email Fraud Threatens 67% of ASX 200 Companies

Two-thirds of ASX 200 companies put customers, partners, and employees at risk of email fraud, according to a leading cybersecurity and compliance company.

Proofpoint found that 67% of ASX 200 listed companies have not implemented the recommended and strictest level of Domain-based Message Authentication, Reporting, and Conformance (DMARC) protection, which prevents cybercriminals from spoofing organisations' identities and reduces email fraud.

Only 33% of ASX 200 companies are blocking suspicious emails, despite 81% adopting the email authentication protocol. 19% of the ASX 200 lack DMARC records, leaving them vulnerable to email fraud and domain spoofing.
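The gap between publishing a DMARC record and actually blocking spoofed mail comes down to the policy tag inside the record. The following is an added example, not code from the article or from Proofpoint: it classifies DMARC TXT records by enforcement level and computes adoption and enforcement shares over a constructed sample. Tag names and values follow RFC 7489; treating `p=reject` at full `pct` as the "strictest level" is an assumption about how the survey counted, and the `.example` domains and records are constructed.

```python
# Added example: classify DMARC TXT records (as published at _dmarc.<domain>).

def parse_dmarc(txt):
    """Return the tag dict of a DMARC record, or None if txt is not one."""
    pairs = [p.split("=", 1) for p in txt.split(";") if "=" in p]
    tags = [(k.strip().lower(), v.strip()) for k, v in pairs]
    # RFC 7489: the first tag must be v=DMARC1
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    return dict(tags)

def classify(txt_records):
    """Map the TXT strings found for one domain to an enforcement level."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if len(records) != 1:
        # Zero or multiple DMARC records: receivers apply no DMARC policy
        return "no-record"
    policy = records[0].get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    pct = records[0].get("pct", "100")
    if policy != "none" and pct.isdigit() and int(pct) < 100:
        # Policy applies to only a fraction of failing mail
        return policy + "-partial"
    return policy

SAMPLE = {  # constructed records for placeholder domains
    "a.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@a.example"],
    "b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@b.example"],
    "c.example": ["v=spf1 -all"],  # a TXT record, but not a DMARC one
    "d.example": ["v=DMARC1; p=quarantine; pct=50"],
    "e.example": [],
    "f.example": ["v=DMARC1; p=reject; pct=25"],
}

def summarise(domains):
    """Return per-domain levels, % with a record, % fully at p=reject."""
    levels = {d: classify(r) for d, r in domains.items()}
    total = len(levels)
    adopted = sum(1 for lv in levels.values() if lv != "no-record")
    enforcing = sum(1 for lv in levels.values() if lv == "reject")
    return levels, round(100 * adopted / total), round(100 * enforcing / total)

if __name__ == "__main__":
    levels, adopted_pct, reject_pct = summarise(SAMPLE)
    for domain, level in levels.items():
        print(f"{domain:12} {level}")
    print(f"record published: {adopted_pct}%  full reject: {reject_pct}%")
```

A domain at `p=none` counts as having adopted DMARC but only receives reports; spoofed mail is still delivered.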

“The past year has shown the ASX 200, as some of Australia’s most recognisable brands, are and have been obvious targets for email-borne attacks,” said Steve Moros, senior director of advanced technology group, Asia Pacific and Japan, Proofpoint.

Moros said, “All Australians trust these brands with their credit card information, contact details, addresses, private health records, or other sensitive information, and these companies have a responsibility to keep that information safe and secure.”

Proofpoint found 81% DMARC adoption in Australia's ASX 200, despite rising email-based cyberattacks. The Fortune 1,000 index in the US has an 88% DMARC adoption rate, the FTSE 100 89%, and the CAC 40 85%.

Proofpoint's State of the Phish 2023 report found that nine in 10 Australian organisations (90%) experienced at least one successful email-based phishing attack in 2022, with almost half (48%) reporting direct financial losses, a 60% increase year over year.

Proofpoint found that all sectors—banking, healthcare, mining and minerals, real estate, telecommunications, and utilities—lacked email fraud protection. Email-based attacks often target companies, tricking victims into thinking they received an email from a senior executive like the CEO or CFO asking them to transfer funds (wire fraud), release sensitive or personally identifiable information, or hand over their credentials. Threat actors around the world can now use ChatGPT to create legitimate-looking communications to deceive employees.

“We know that a major cyber breach on any ASX 200 company can impact countless stakeholders, including everyday Australians. Lax security, awareness gaps, and a volatile labour market have created significant security risks for Australian companies and their employees.”

According to Proofpoint, only 67% of Australian companies with security awareness programmes train their entire workforce. Worse, only 37% conduct phishing simulations—missing a crucial component of a security awareness programme. Moros concluded, "Protecting employees and company data must be a top priority."
