👓 March's Resilience Brief: Email Security for SMEs, a Strategic Guide

Bonjour ☕

This edition of La tech est politique brings March’s cybersecurity dossier – our Resilience Brief – where we are diving deep into email security—why it matters, segregation of duties, and what to do next.

Why it matters

Electronic messaging underpins daily communication, collaboration and decision‑making. It is also the preferred attack vector for cybercriminals, implicated in the vast majority of initial data breaches. In 2024, threats to professional email intensified markedly. Kaspersky reports nearly 900 million phishing attempts blocked—a 26% increase year‑on‑year. This is coupled with more sophisticated techniques, including the use of generative AI to automate highly personalised lures.

A growing challenge for SMEs

SMEs are particularly exposed. Research in Germany indicates 73% of businesses suffered at least one cyberattack in 2023. Many SMEs lack dedicated security staff, making them vulnerable to frequent and increasingly complex campaigns. A recent Acronis report highlights a 293% increase in email attacks in H1 2024 compared to H1 2023, and a rapid evolution of email-borne malware, which erodes the effectiveness of traditional detection methods alone. Despite the takedown of major groups such as LockBit, ransomware remains a primary business threat, with publicly reported cases rising year‑on‑year. These trends underscore the need for layered email protection and clear organisational roles.

What you’ll learn in this Resilience Brief

• The current threat landscape for SME email: phishing, business email compromise and ransomware entry paths.

• Segregation of duties: who owns policy, configuration and monitoring across leadership, IT, security and vendors.

• Strategic controls at a glance: people, process and technology levers to reduce risk with limited resources.

• Detection and response considerations for email‑borne incidents.

• A prioritised, cost‑conscious roadmap and quick wins tailored to SMEs.

• Metrics to track resilience over time.

Focus takeaway

Email security is the invisible bulwark of operational integrity. Far beyond anti‑spam filters, it is a strategic discipline addressing both human and technological weaknesses. This Brief explains the organisational and technical mechanisms that turn a structural vulnerability into a durable advantage.

Who this is for

• SME owners, CEOs and operational leaders accountable for business continuity.

• IT, security and compliance leads responsible for messaging and incident management.

• Teams in the EU/EEA and UK, and non‑EU suppliers serving these markets.

Get the Resilience Brief

Translate risks into a practical plan. Prioritise actions, align roles, and build layered defences that fit SME realities. Get the premium Resilience Brief on Email Security.

FAQ

• Why is email still the top attack vector? It combines high reach with human factors and broad supply‑chain exposure, making it efficient for phishing, BEC and ransomware.

• We already use a gateway. Is that enough? Gateways help, but attackers bypass single controls. A layered approach and clear role ownership are essential.

• What if we have a limited budget and no security team? The Brief outlines cost‑effective steps and role segmentation SMEs can adopt immediately.

What Now? This guide has been designed to provide concrete, accessible, cost-effective actions that can be implemented immediately.