A new report by New Zealand-based email security firm SMX has exposed significant cybersecurity gaps in Australia and New Zealand, particularly concerning the enforcement of the DMARC (Domain-based Message Authentication, Reporting, and Conformance) protocol. The report reveals that while Australian federal agencies are leading in DMARC enforcement, New Zealand’s public sector lags behind. In Australia, 92% of federal government agencies have adopted DMARC, with 79% actively enforcing it, marking a significant improvement from the previous year. Conversely, only 33% of New Zealand government agencies use DMARC enforcement, although this is an increase from 21% in 2022.
The private sector also shows a disparity in DMARC adoption between the two countries. Among New Zealand’s 100 largest companies, 64% have implemented DMARC enforcement, up from 47% in 2022. In Australia, 60% of ASX-listed companies have adopted the protocol, with enforcement rising slightly to 47% from 45% last year. SMX’s analysis indicates that 47% of organizations sending emails to its customers are enforcing DMARC, a notable increase from 38% in 2022.
SMX’s Chief Security Officer, Jamie Callaghan, emphasizes the importance of DMARC enforcement for maintaining trust in email communications. “DMARC enforcement not only protects your own organization but also ensures that your communications are trustworthy to those you do business with,” he explained. The report suggests that while significant strides have been made, both countries need to improve their enforcement practices to better defend against email-based threats such as spoofing and phishing.
The report’s findings align with broader cybersecurity trends in the APAC region. A related survey by LogRhythm highlights a disconnect between cybersecurity executives and customer confidence, revealing that while many executives believe their defenses are effective, a substantial portion of companies face customer confidence issues. The survey also notes a rise in cybersecurity budgets, driven by increasing threats and the role of artificial intelligence in threat management. This underscores the urgent need for enhanced cybersecurity measures and more effective communication of security practices to both technical and non-technical stakeholders.
Reference: