With the high number of malicious emails sent daily, email security should be a top priority for organizations, small businesses, and individuals. After all, opening that single email can have severe consequences for you and your company.
This article includes relevant statistics to showcase the numerous patterns, trends, and threats in email security and how much damage they can cause.
7 Key Email Security Statistics (Editor’s Pick)
- In 2022, 75% of organizations globally experienced at least one successful email attack.
- 44% of healthcare organizations incurred recovery costs due to email security attacks in 2022.
- In 2022, 82% of respondents experienced an increase in the overall cost of email security breaches.
- The professional industry experienced the highest number of BEC attacks (30%) in 2022.
- 42% of malicious email campaigns in Q4 2022 targeted the Telecom industry.
- Language-based BEC attacks rose by over 53% from 2021 to 2022.
- HTML for malware delivery in email campaigns rose by over 300% in 2022.
Infographic

General Email Security Statistics
1. In 2022, 75% of organizations globally experienced at least one successful email attack.
All kinds of organizations were targeted.
2. 72% of organization respondents claimed an increase in email-based threats in 2021.
26% of them claimed that this increment is significant. Additionally, 80% of those in the technology and telecommunications industries experienced more email threats than in 2020.
3. Business email compromise attacks rose by 74% in 2021.
The most common strategy was language-based, credited with 74% of these attacks. It was followed by unwanted or Greymail at 15%, common business workflows at 7%, and malicious payload at 4%.
4. 93% of organizations surveyed in 2021 either already had their email systems in the cloud or planned to do so.
91.5% of organizations with over 10,000 employees had moved or planned to move to cloud-only email solutions.
Global Email Security Statistics
5. October 2022 saw an increase in malicious emails in Arab countries.
They increased by 100% compared to August and September.
6. Most (85%) of Benelux-based organizations region suffered successful email attacks in 2022.
Organizations in India (82%), the DACH region (81%), and the US (80%) followed.
7. UK organizations suffered the least (54%) successful email attacks in 2022.
Likewise, only 68% of companies in the Nordics were victims of such attacks in 2022, followed by France (71%) and Australia (74%) in the bottom four.

Email Security Statistics by Organizations
8. From 2021 to 2022, BEC impersonation attacks in organizations rose by 29%.
71% were executive impersonation attacks, while 29% were employee impersonation attacks. In addition, 70% of these attacks evaded native email security controls.
9. The most targeted role for BEC impersonation attacks in 2021 was VP (51%).
C-Suite executives followed (20%) as chief engineers rounded up the top three (16%).
10. Sales departments were the most targeted (44%) by BEC impersonation attacks in 2021.
Followed by engineering (22%) and marketing (16%) departments.
Department | BEC Target Rate (%) |
---|---|
Sales | 44 |
Engineering | 22 |
Marketing | 16 |
Finance | 11 |
Others | 6 |
11. Organizations with 1,000 to 2,500 employees lost over $1.2 million to their most expensive email attacks in 2022.
They lost precisely $1,264,315.
Organization Size | Amount Lost (USD) |
---|---|
100 - 249 | $755,556 |
250 - 499 | $1,134,199 |
500 - 999 | $992,697 |
1,000 - 2,500 | $1,264,315 |
12. In 2022, 30% of organizations were unprepared to handle email account takeover.
While 29% were not equipped to deal with BEC.
Email Security Statistics by Impact
13. 59% of finance companies that experienced email security breaches in 2022 lost sensitive and confidential data.
53% reported downtime or business disruption, while 51% reported direct monetary loss.
14. 44% of healthcare organizations incurred recovery costs due to email security attacks in 2022.
42% reported downtime and business disruption, and 38% (each) reported the loss of employee productivity and direct monetary loss.
15. Over 50% of attacked manufacturing and production organizations suffered downtime and business disruption after successful email attacks in 2022.
46% suffered damage to IT teams’ reputations, and only 22% incurred direct monetary loss to the perpetrators.
16. In 2022, 82% of respondents experienced an increase in the overall cost of email security breaches.
93% of organizations that invested more in email security complained about the increase. Conversely, 78% of those who invested less in email security also complained about the rise.

17. The business and professional services industry lost an average of over $1.5 million to email attacks in 2022.
The average amount lost by other industries is tabled below.
Industry | Average Cost (USD) |
---|---|
Business and Professional Services | $1,501,000 |
Media, Leisure, & Entertainment Industry | $1,468,548 |
Energy, Oil&Gas, and Utilities | $1,316,190 |
Financial Services | $1,271,348 |
Information Technology and Telecoms | $1,000,362 |
Retail Distribution and Transport | $976,336 |
Healthcare | $975,000 |
Other Commercial Sectors | $945,946 |
Construction and Property | $845,055 |
Consumer Services | $795,732 |
Public Sector | $608,333 |
Manufacturing and Production | $586,709 |
Email Security Statistics by Industry
18. The professional industry experienced the highest number of BEC attacks (30%) in 2022.
The healthcare industry followed (21%), then the public sector (12%), and the education industry (11%) featured in the top four.
19. The cloud-based email security software market is expected to grow significantly by 2027.
It is projected to have a CAGR of 8.68% by 2027.
20. 42% of malicious email campaigns in Q4 2022 targeted the Telecom industry.
87% of phishing emails from the period leveraged malicious URLs to deploy an attack on the victim.
Email Security Statistics by Threat Type
21. 55% of email threats suffered by organizations in 2021 were phishing.
96% of the surveyed brands had experienced a phishing email attack, and 92% experienced BEC attacks.
22. Language-based BEC attacks rose by over 53% from 2021 to 2022.
Furthermore, 52% of general BEC attacks evaded local email security controls.
23. In 2021, 78% of respondents did not trust secure email gateways (SEGs) to protect cloud-based email systems or prevent advanced threats.
In addition, 79% of respondents did not trust the local security of cloud email solutions. On the upside, 90% were convinced that integrating cloud email security systems and local security can protect cloud email systems from these threats.
24. HTML for malware delivery in email campaigns rose by over 300% in 2022.
While its use for both malware and credential phishing increased by 295%.

25. Adobe was the highest abused domain (5.52%) for delivering phishing emails in 2022.
4.15% of these emails were delivered through SharePoint, and 3.60% went through Google’s services. Other domains used were Canva, Amazon AWS, Evernote, Dropbox, Box, Microsoft, and Clickfunnels.
26. 42.96% of phishing emails that reached inboxes in 2022 used .pdf attachments.
25.47% used .html, 15.10% used .htm, and 2.92% used .docx.
Brace Yourself
Based on these statistics, attacks are expected to become more sophisticated and widespread. The growing risks of email attacks underline the need for solid and reliable security, making it imperative for organizations and individuals to prepare for these attacks to limit the damage caused.
And to best prepare against such attacks, I recommend our guide to phishing statistics for more information on email threat attacks.
- https://assets.barracuda.com/assets/docs/dms/2023-email-security-trends.pdf
- https://assets.mimecast.com/api/public/content/d5b3248c41a140c599bca05ea4224adb?
- https://i.crn.com/sites/default/files/ckfinderimages/userfiles/images/crn/custom/2023/INKY/04156_Inky_01-2023_Email_Security_Annual_Report.pdf
- https://cdn2.assets-servd.host/gifted-zorilla/production/files/2022-Email-Security-Trends-Report.pdf
- https://cofense.com/wp-content/uploads/2023/03/2023-Annual-Report-Cofense.pdf
- https://trustifi.com/wp-content/uploads/2023/03/Overview-of-Gartner-Market-Guide-for-Email-Security-2023.pdf
- https://www.trellix.com/en-us/assets/threat-reports/trellix-arc-threat-report-february-2023.pdf
- https://d110erj175o600.cloudfront.net/wp-content/uploads/2022/11/02144954/Mandiant-2023-Forecast-Report.pdf