Proofpoint: 88% of Top Organisations in Asia Pacific Still Put Their Customers and Stakeholders at Risk of Email Fraud as Businesses Face Record-High Email Attacks

• Protective measures against email fraud remain widely insufficient among leading Asia Pacific companies.
• Australia's high adoption rate of proper email authentication (71%) among its top companies sets the standard for the Asia Pacific region
• Around 50% of leading Singapore and India's businesses have implemented the recommended level of email authentication
• Concerningly, less than 20% of the largest organisations in Japan, South Korea, China and Thailand are actively protecting their customers against phishing

SINGAPORE - Media OutReach Newswire - 21 February 2025 - Proofpoint, Inc., a leading cybersecurity and compliance company, today released new research on a worrying gap among top organisations across the Asia Pacific with only 12% having implemented the recommended and most stringent level of email authentication. In 2024, phishing attacks surged significantly, increasing nearly 60% year-over-year. This dramatic increase underscores the critical need for proper implementation of email authentication, which prevents cyber criminals from spoofing organisations’ identities thus reducing the risk of email fraud. These findings are based on an analysis of the Domain-based Message Authentication, Reporting and Conformance (DMARC), a widely-adopted email validation protocol records of Asia Pacific companies listed on the Forbes Global 2000. DMARC protects domain names from being misused by malicious actors by authenticating the sender's identity before an email reaches its intended destination. This authentication system detects and prevents domain spoofing, a common phishing technique. DMARC has three levels of protection – monitor, quarantine, and reject, with reject being the most secure for preventing suspicious emails from reaching users’ inboxes. "Email remains the most common and critical threat vector across industries. It's encouraging that many leading companies in Asia Pacific have taken proactive steps to protect their customers from email fraud,” said George Lee, Senior Vice President of Asia Pacific and Japan at Proofpoint. “However, the rising frequency, sophistication, and cost of cyberattacks make it especially concerning that many remain highly vulnerable, exposing them to significant risks from malicious email-based threats such as phishing. Prioritising robust cybersecurity measures is essential to safeguard against these threats and protect customers' valuable data.” Proofpoint’s research shows that DMARC adoption in the Asia Pacific region is mostly lower compared to the US and UK, placing organisations and their customers at risk. While Australia leads in email authentication DMARC enforcement, Japan, South Korea and Thailand lag, leaving businesses exposed to escalating email fraud, including business email compromise (BEC) and phishing. Key findings of Proofpoint’s DMARC analysis across key Asia Pacific markets include:

• Australia: 71% of the top Australian companies have implemented DMARC at the recommended levels (reject). All the top Australian companies being studied have a DMARC record.
• Singapore: 46.2% of companies analysed have DMARC set to reject. Yet 23.1% do not have any DMARC record and are wide open to email fraud and domain spoofing attacks.
• India: 50% of the top Indian organisations implemented the highest level of DMARC (reject), with 30.9% utilising quarantine and 11.8% having no DMARC record at all.
• Japan: Only 7.4% of top Japanese companies have a DMARC policy of reject in place. 65.6% of companies are at the monitor level, gathering data but offering no active protection
• South Korea: Only 1.8% have implemented DMARC at the quarantine level with none at the reject level, and 51.8% having no DMARC record at all.
• Thailand: 17.6% have a reject policy in place to block unqualified emails, while 17.6% of companies implemented quarantine and 52.9% at the monitor level still.
• China: Only 4.2% of top Chinese companies have the strictest level of DMARC in place. A startling 71.8% do not use any DMARC protection at all.

Major Providers and Compliance Mandates Push for DMARC Adoption Major email providers are making moves to force companies to catch up and use email authentication. Some highly-publicised examples include the October 2023 announcements from Google, Yahoo and Apple around mandatory email authentication requirements (including DMARC) for bulk senders sending emails to Gmail, Yahoo and iCloud accounts. This aims to significantly reduce spam and fraudulent emails hitting their customers’ inboxes. In addition, organisations that store consumer payment information must comply with the Payment Card Industry Data Security Standard (PCI-DSS) or risk paying hefty fines for violations. The latest PCI DSS (v4.0.1) will require companies to use DMARC to protect credit card data by March 31, 2025. Proofpoint recommends that organisations follow these best practices:

• Implement DMARC: Protect your domain from impersonation by implementing DMARC and enforcing it at the reject level. Seek expert assistance if needed to avoid blocking legitimate emails.
• Educate employees: Train staff on how to identify and avoid potentially fraudulent or suspicious emails, such as those impersonating colleagues, suppliers, or customers.
• Strengthen passwords: Establish and enforce best practices for password management, including requiring strong passwords, regular changes, and never re-using passwords across multiple accounts.

This analysis was conducted in December 2024 using data from companies listed on Forbes Global 2000. To learn more about DMARC, visit: https://www.proofpoint.com/au/threat-reference/dmarcHashtag: #Proofpoint

The issuer is solely responsible for the content of this announcement.

About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organisations' greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organisations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at www.proofpoint.com. Connect with Proofpoint: X | LinkedIn | Facebook | YouTubeProofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.