BitSight Insights

File Sharing & Email Security Across The Globe

Noah Simon | June 1, 2016

Despite all the complex cybersecurity threats facing organizations around the globe, employee behavior often leads to security compromise. In a recent Experian survey, 66% of data protection and privacy training professionals say employees at their organizations are the weakest security link. Yet beyond training and educating employees, there are policies and controls organizations can implement to further reduce risk. By eliminating Illicit peer-to-peer file sharing and properly configuring email security protocols, organizations can diminish the likelihood that employees will inadvertently introduce malware into company networks.

Why are these risk vectors so important?

While file sharing is not an inherently harmful activity, it poses major security risks if employees are unaware of the origin of files that may contain malware. In a sample of 215 torrented applications and 104 torrented games and found 38.7% of games and 43.3% of applications contained malware. Moreover, BitSight found that companies with high file sharing activity were likely to have more compromised machines due to botnet infections.

BitSight Insights: Global Security PerformanceWhat about email security protocols? Phishing attacks are still the largest attack vector according to countless reports. Scammers that send emails under the guise of employees are able to glean incredible amounts of information, money, and data. During tax season, security researcher Brian Krebs saw an uptick in attacks where criminals posing as CEOs asked HR and Finance departments for employee W-2 forms. In all of 2015, the FBI estimates that spoofing emails costs businesses $263 million. found that companies with high file sharing activity were likely to have more compromised machines due to botnet infections. 

So, how diligent are companies around the world when it comes to illicit peer-to-peer file sharing and email security protocols? Our latest BitSight Insights report looks at how perform in these areas. Let’s take a look. 

File Sharing 


Out of all the nations studied, Brazil had by far the highest rate of harmful peer-to-peer file sharing on corporate networks. BitSight observed a higher incidence of peer-to-peer file sharing in Brazil, as 46.8% of companies in this country experienced file sharing activity in the past year.

Conversely, German companies had a significantly low percentage of companies with observed peer-to-peer file sharing to their networks. Only 11.6% of companies showed evidence of peer-to-peer downloads. Why could there be such a stark contrast between Germany and Brazil? In Germany, strict policies exist regarding file sharing, and those caught are often subject to fines. Unsurprisingly, companies based in nations with strict copy infringment and intellectual property laws are likely to have less file sharing activity on their networks.

Email Security

BitSight researchers looked at the utilization of two important email security protocols: Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). BitSight researchers specifically looked at the proportion of companies that had a BitSight SPF or DKIM grade of C or lower.


Sender Policy Framework (SPF) help to limit an attacker’s ability to successfully spoof a valid “From” address. China had the largest percentage of companies with an SPF grade of C or lower. Germany, the United Kingdom and Brazil were not too far behind.



DKIM is another important email protocol that helps to authenticate valid servers and limit the sending of spoofed email messages. BitSight found that China and Brazil had a higher percentage of companies with low grades when it comes to implementing DKIM. Germany and Singapore had 71.6% and 70.4% respectively. The US and UK had a lower percentage of companies with poor performance.

Want to dig in deeper into these findings? 

Download our BitSight Insights report to explore how cyber threats vary by each nation, and what security risk teams can do accordingly.New Call-to-action

Suggested Posts

Data Insights on the BlueKeep Vulnerability

On May 14th, Microsoft issued a warning about the BlueKeep vulnerability (CVE-2019-0708) affecting Remote Desktop Services Protocol (RDP), a component common in most versions of Microsoft Windows that allows remote access to its graphical...


Cybersecurity in Europe is Improving: Thank You GDPR?

After years of debate over whether to impose new cybersecurity regulations on companies,  General Data Protection Regulation (GDPR) laws went into effect in Europe in May 2018. Already we’ve seen several data breach victims ordered to pay...


Security Ratings of U.S. Federal Agencies & Government Contractors

The federal government relies on tens of thousands of contractors and subcontractors — often referred to as the federal “supply chain” — to provide critical services, hold or maintain sensitive data, deliver technology, and perform key...


Subscribe to get security news and updates in your inbox.