Email Security Risk in 2024

Insights into the 2024 Email Security Risk Report

Uncover the alarming landscape of email security threats in the 2024 Email Security Risk report from Egress.

This year’s Email Security Risk report covers various subjects, such as inbound email security and preventing data loss. It also discusses the consequences of successful phishing attacks, the sentiments of cyber security leaders towards their secure email gateways (SEGs), and the drawbacks of conventional SAT programs.

The data was gathered from 500 cyber security executives, comprising CISOs and CIOs, from financial services, legal, government, and healthcare sectors in the UK, US and Australia.

Email security risk remains extremely high. 

The report found that almost every company has experienced email security incidents within their Microsoft 365 platforms, ranging from credential harvesting and supply chain compromise to data loss and exfiltration.

• Phishing emails are one of the most common security threats that businesses face.
• 95% of cyber security leaders are stressed about email security. Phishing concerns continue to be top of their minds.
• The top three phishing attacks are malicious URLs, malware or ransomware attachments, and attacks sent from compromised accounts.
• 79% of account takeover attacks (ATO) started with phishing.
• 94% of organisations had email security incidents within the last 12 months. 
• 61% of cyber security leaders are concerned about AI chatbots in phishing.
• 51% of organisations enforce information barriers and have had them breached.

The greatest threat to cyber security leaders is the use of compromised accounts, which poses a significant risk to organisations.

50% of companies have experienced attacks originating from their supply chain, while 58% have faced account takeover attacks. Consequently, phishing through compromised accounts remains a top concern for those in the field of cyber security.

Cyber security experts are expressing doubts about the effectiveness of their Secure Email Gateway (SEG).

87% are contemplating replacing their SEG or have already done so. As Microsoft’s native capability in this area continues to evolve, it prompts us to investigate the challenges that SEGs encounter and the vulnerabilities that manage to bypass perimeter detection.

The consequence of data loss and exfiltration

A majority of organisations (91%) experienced incidents resulting from data loss and exfiltration, with even more organisations facing negative consequences. Discover how these organisations dealt with the individuals responsible for these incidents and the detrimental effects they had on their reputation and financial situation.

91% of leaders express uncertainty about the effectiveness of their Security Awareness Training (SAT) programmes

A majority of these leaders have reservations about traditional security awareness training, citing reasons such as employees quickly skipping through the programs and finding them bothersome.  Most cyber security leaders do not tailor their SAT programmes to specific departments or teams. Only 19% of leaders consider department-based training, and a mere 9% personalise training based on individual needs. Personal information is often readily available online, and cybercriminals will often conduct research before targeting a particular individual. Training users to identify these types of personal attacks is crucial for ensuring the security of your users and data.

To read the full report, download your copy.

Gain valuable insights into the challenges that businesses encounter. Discover the opinions of cyber security experts regarding their current native and secure email gateway (SEG) defences. Cybercriminals are designing more advanced attacks that are harder to detect than ever! Find out more about email security here.