Email security specialist Mimecast has opened an office in Singapore to tap the growth opportunities in Southeast Asia’s cyber security market.
Launched earlier this month, the regional hub marks the start of the company’s deeper push into the region as demand for email security grows amid the growing number of cyber threats that leverage email as the main attack vector.
According to Mimecast’s annual The state of email security report, 84% of the companies in Singapore are receiving an increased number of email-based threats – the largest increase from the 12 countries included in the 2022 findings.
Stanley Hsu, Mimecast’s newly appointed regional vice-president, said the company has been planning to expand into Southeast Asia for about a year and that this was the right time to enter the market as Covid-19 restrictions are being eased across the region.
“What I’ve learned in the last few weeks is that we’re very thoughtful and purposeful in what we want,” Hsu said. “We only commit to a market when we know that we have the resources and investment needed to serve our customers.”
The company has worked out a multi-year investment plan to tackle the market, including partnering with distributors and managed security service providers to grow its regional footprint.
Mimecast’s Singapore office serves as a sales and marketing outfit for now, but Hsu said the company would “seriously look into” setting up a datacentre in Southeast Asia. It currently operates two datacentres in co-located facilities in New South Wales, Australia.
“We obviously can’t commit to a specific country, but I will say that it is important enough for us to think about having a datacentre here,” he added.
Hsu said some of the considerations before setting up a datacentre in the region would include how customers would feel about using Mimecast services out of a facility outside their country for those that have to comply with data sovereignty requirements.
“There’s also the issue of data access – if we have a datacentre in Singapore, but our engineers are outside of Singapore, how does that work? That alone is a complex issue.”
Like many other cloud-based applications and services, Mimecast’s services are hosted on Amazon Web Services (AWS), which has a relatively large datacentre footprint across the region.
Asked if its services will be hosted in Mimecast’s regional datacentre instead of AWS if its plans pan out, Hsu said a decision has not been made for now.
“It’s a highly complex topic and our legal and corporate teams are looking at it. It’s something that we recognise we have to decide soon, but just not yet,” he added.
Like its rival Proofpoint, Mimecast helps organisations implement the Domain-based Message Authentication, Reporting and Conformance (Dmarc) protocol that improves e-mail security by authenticating the domains of inbound email.
Dmarc adoption, however, has been patchy. A recent survey by Proofpoint found that while 41% of the top 200 companies listed on the Singapore Exchange have implemented some form of email authentication, only 5% have adopted the recommended strictest level of Dmarc protection. Nearly six in ten of those companies have no Dmarc protocol in place at all.
While implementing Dmarc can be challenging as the protocol can be prone to error when sending emails from a domain and handling email failures, Hsu pinned the lower adoption rates in the region to a lack of awareness.
Meanwhile, there have been moves to encourage greater take-up of Dmarc, not least from cyber security insurers that may charge lower premiums for those that implement security best practices.
“We have a customer in Thailand who heard about Dmarc and came to us because one of the criteria for them to get a preferred premium for their cyber insurance is to have Dmarc,” Hsu said.