With the number of email breaches per year almost doubling in the last three years, organizations still don’t see email security solutions as being an effective means of stopping attacks.

Email remains a direct conduit for threat actors to reach organizations and even specific individuals within them, giving attackers the opportunity to target just the right recipient with the right message and the right trigger to elicit the response that sets off a cyberattack. According to Osterman Research’s Phishing, BEC, and Ransomware Threats for Microsoft 365 Users report, the use of email as a malicious vehicle is not only clear and present, but working to the cybercriminals’ advantage.

  • Less than half of organizations rate their email security as being “effective”
  • 64% of orgs believe their security solutions to be ineffective against attacks impersonating executives
  • 54% believe their security solutions to be ineffective in preventing impersonated emails of any kind from reaching a user’s Inbox

This is not just “gut feeling” or intuition; it’s based on how well these solutions actually stop attacks. According to the report:

  • 89% of organizations experienced one or more successful email breaches during the last 12 months
  • Ransomware attacks increased by 71% over the same period of time
  • Microsoft 365 credential compromise attacks increased by 49%

According to the report, while 99% of organizations offer some kind of training on email threats at least annually, only 14% of organizations offer training monthly or more frequently. But those organizations that do conduct regular Security Awareness Training see a reduction in the likelihood of employees falling for phishing attacks, with 87% of those organizations seeing a “reasonable” or “significant” impact in the reduction of their email threat surface.