More than half of businesses have fallen victim to ransomware attacks in just the last year alone, according to new research from Mimecast.

The cyber security firm discovered that 51% of businesses had been impacted by ransomware attacks over the past 12 months, with systems taken down for an average of three days as a result.

The company’s ‘State of Email Security Report 2020’ found that ransomware was just one of many threats, with 58% of businesses reporting an increase in phishing scams, and 60% seeing a rise in impersonation fraud.

As to the reason why these attacks are so commonplace, and indeed so effective, many business owners simply put it down to insecure passwords. More than three quarters of respondents (77%) said they thought weak passwords risked their company facing serious security issues.

Despite knowing the problem, and even the damage it could do, few companies have actually put measures in place to protect themselves. Around two fifths of those surveyed said they had no systems to monitor and protect their email systems from email attacks or data leaks, on both internal and external messages. Additionally, 55% of companies said they didn’t offer regular awareness training to help employees spot potential threats, despite around half of all successful email-based attacks coming as a result of human error.

Looking ahead, 85% of businesses said they expect the volume of email attacks to either increase or remain the same over the coming year. What’s more, 60% of those surveyed said they thought it would be ‘likely’ or even ‘inevitable’ that they would suffer an email attack in the next 12 months.

Much of this, Mimecast suggests, is due to Covid-19, which presents hackers with brand new opportunities. The report concludes: “Threat actors are relying heavily on impersonation and brand exploitation to take advantage of the uncertainty during the global Covid-19 pandemic.

“The usual email and web security defences are no longer good enough; to prevent and protect your business against threat actors now and in the future, it’s critical to integrate security awareness training… to protect your online brand.”