Proofpoint in collaboration with its strategic partner Help AG today released research identifying that almost a third (31%) of the Forbes Top 100 Middle East Companies do not have a Domain-based Message Authentication, Reporting & Conformance (DMARC) record in place, leaving their customers at risk of email fraud. The lack of a DMARC record makes companies potentially more susceptible to cybercriminals spoofing their identity and increases the risk of email fraud targeting their customers.
More worryingly, only a quarter (24%) of the Top 100 Middle East Companies have ‘reject’ in place, which means a large majority (76%) are not proactively blocking fraudulent emails from reaching customers. Reject is the strictest and recommended level of DMARC protection, a setting and policy that actively blocks fraudulent emails from reaching their intended target.
To gauge how quickly the DMARC standard is being adopted across the Middle East, Proofpoint, in collaboration with Help AG, conducted an analysis of the primary corporate domains of all of the Forbes Top 100 Middle East Companies:
Key findings include:
• Only 24 percent of the Top 100 Middle East organisations have implemented ‘reject’, the strictest and recommended level of DMARC protection, leaving 76 percent at risk of subjecting customers to email fraud.
• In total, 69 percent of the Top 100 Middle East companies have published DMARC records to begin protecting their employees, customers and partners from some forms of email fraud. This means, 31 percent have no policy in place to protect them from domain spoofing.
• Some industries lead the charge for the rate of DMARC adoption – 100 percent of logistics companies and 80 percent of banking and financial services providers have published a DMARC record. However, some other industries clearly lag behind – only 50 percent of real estate and construction firms and only 20 percent of companies from the retail sector have started their DMARC journey.
“As a leading cybersecurity services provider in the Middle East, it’s vital that we raise awareness of the dangerous risk of email threats that the top businesses in the region face. Email-borne cyberattacks are undoubtedly on the rise and organizations can take simple, recommended steps to protect their customers from the risk of email fraud by implementing a DMARC policy,” said Stephan Berner, CEO at Help AG. “At Help AG, we have started our DMARC journey and strive to enable more and more businesses in the region to do so too – and fast.”