Over Half Of Water And Waste Companies Remain Exposed To Email-Based Cyber Threats

A new report just released by global cybersecurity leader Red Sift highlights serious weaknesses in email security across the United States’ critical infrastructure services, with the water and waste sector identified as the most at risk. The analysis reviewed 840 U.S. companies in the chemical, energy, and water/waste industries and found that 42% lack robust email authentication protocols, leaving vital infrastructure exposed to phishing and impersonation attacks.

While 58% of organizations have adopted DMARC enforcement, a key safeguard against domain spoofing, water and waste companies trail far behind. Among 300 firms in this sector, 52% remain unprotected, the highest rate among all groups studied. This includes 20% with no DMARC policy and 32% still in monitoring mode.

The report also points to mounting regulatory pressure, including mandates under the NIS2 Directive, CISA guidelines, and sector-specific compliance requirements. Failure to secure email systems threatens not only operational continuity but also public trust and safety.

Key Findings:

• Water & Waste: 52% unprotected; only 23% fully enforced
• Chemical: 42% unprotected; 35.7% fully enforced
• Energy: 32% unprotected; 44.5% fully enforced

The chemical sector’s high exposure is particularly concerning given its handling of hazardous materials and complex supply chains, where a breach could have catastrophic consequences. Similarly, the energy sector—covering 274 companies—faces persistent threats from nation-state actors and cybercriminals targeting supply chains and sensitive operational data.

Email-based attacks on critical infrastructure can disrupt essential services, compromise supply chains, and endanger public health. For these industries, DMARC is more than brand protection—it is the cornerstone of operational security across the United States.

Click here for the full report.

About Red Sift

Red Sift provides cutting-edge cybersecurity solutions to help organizations protect their digital infrastructure against evolving threats.

The U.S. water and waste sector shows the most significant security gaps, with the lowest enforcement rate across all sectors analyzed