25+ Email Security Statistics, Facts & Trends

We are reader supported and may earn a commission when you buy through links on our site. Learn more.

With the high number of malicious emails sent daily, email security should be a top priority for organizations, small businesses, and individuals. After all, opening that single email can have severe consequences for you and your company.

This article includes relevant statistics to showcase the numerous patterns, trends, and threats in email security and how much damage they can cause.

7 Key Email Security Statistics (Editor’s Pick)

  • In 2022, 75% of organizations globally experienced at least one successful email attack.
  • 44% of healthcare organizations incurred recovery costs due to email security attacks in 2022.
  • In 2022, 82% of respondents experienced an increase in the overall cost of email security breaches.
  • The professional industry experienced the highest number of BEC attacks (30%) in 2022.
  • 42% of malicious email campaigns in Q4 2022 targeted the Telecom industry.
  • Language-based BEC attacks rose by over 53% from 2021 to 2022.
  • HTML for malware delivery in email campaigns rose by over 300% in 2022.

Infographic

7 key email security statistics
Share This Image On Your Website
				
					<a href="https://vpnalert.com/resources/email-security-statistics/" target="_blank" data-wpel-link="internal"><img src="https://vpnalert.com/wp-content/uploads/2023/07/7-key-email-security-statistics.png" alt="7 Key Email Security Statistics" width="768" border="0" height="654.54545454545" loading="lazy" fetchpriority="low"></a>
				
			

General Email Security Statistics

1. In 2022, 75% of organizations globally experienced at least one successful email attack.

All kinds of organizations were targeted.

2. 72% of organization respondents claimed an increase in email-based threats in 2021.

26% of them claimed that this increment is significant. Additionally, 80% of those in the technology and telecommunications industries experienced more email threats than in 2020.

3. Business email compromise attacks rose by 74% in 2021.

The most common strategy was language-based, credited with 74% of these attacks. It was followed by unwanted or Greymail at 15%, common business workflows at 7%, and malicious payload at 4%.

4. 93% of organizations surveyed in 2021 either already had their email systems in the cloud or planned to do so.

91.5% of organizations with over 10,000 employees had moved or planned to move to cloud-only email solutions.

Global Email Security Statistics

5. October 2022 saw an increase in malicious emails in Arab countries.

They increased by 100% compared to August and September.

6. Most (85%) of Benelux-based organizations region suffered successful email attacks in 2022.

Organizations in India (82%), the DACH region (81%), and the US (80%) followed.

7. UK organizations suffered the least (54%) successful email attacks in 2022.

Likewise, only 68% of companies in the Nordics were victims of such attacks in 2022, followed by France (71%) and Australia (74%) in the bottom four.

uk organization successful email attacks
Share This Image On Your Website
				
					<a href="https://vpnalert.com/resources/email-security-statistics/" target="_blank" data-wpel-link="internal"><img src="https://vpnalert.com/wp-content/uploads/2023/07/uk-organization-successful-email-attacks.png" alt="Successful Organization Email Attacks in the UK" width="768" border="0" height="544.35912581217" loading="lazy" fetchpriority="low" srcset="https://vpnalert.com/wp-content/uploads/2023/07/uk-organization-successful-email-attacks-768x544.png 768w, https://vpnalert.com/wp-content/uploads/2023/07/uk-organization-successful-email-attacks-300x213.png 300w, https://vpnalert.com/wp-content/uploads/2023/07/uk-organization-successful-email-attacks-1024x726.png 1024w, https://vpnalert.com/wp-content/uploads/2023/07/uk-organization-successful-email-attacks-1536x1089.png 1536w, https://vpnalert.com/wp-content/uploads/2023/07/uk-organization-successful-email-attacks.png 1693w" sizes="auto"></a>
				
			

Email Security Statistics by Organizations

8. From 2021 to 2022, BEC impersonation attacks in organizations rose by 29%.

71% were executive impersonation attacks, while 29% were employee impersonation attacks. In addition, 70% of these attacks evaded native email security controls.

9. The most targeted role for BEC impersonation attacks in 2021 was VP (51%).

C-Suite executives followed (20%) as chief engineers rounded up the top three (16%).

10. Sales departments were the most targeted (44%) by BEC impersonation attacks in 2021.

Followed by engineering (22%) and marketing (16%) departments.

Department BEC Target Rate (%)
Sales 44
Engineering 22
Marketing 16
Finance 11
Others 6

11. Organizations with 1,000 to 2,500 employees lost over $1.2 million to their most expensive email attacks in 2022.

They lost precisely $1,264,315.

Organization Size Amount Lost (USD)
100 - 249 $755,556
250 - 499 $1,134,199
500 - 999 $992,697
1,000 - 2,500 $1,264,315

12. In 2022, 30% of organizations were unprepared to handle email account takeover.

While 29% were not equipped to deal with BEC.

Email Security Statistics by Impact

13. 59% of finance companies that experienced email security breaches in 2022 lost sensitive and confidential data.

53% reported downtime or business disruption, while 51% reported direct monetary loss.

14. 44% of healthcare organizations incurred recovery costs due to email security attacks in 2022.

42% reported downtime and business disruption, and 38% (each) reported the loss of employee productivity and direct monetary loss.

15. Over 50% of attacked manufacturing and production organizations suffered downtime and business disruption after successful email attacks in 2022.

46% suffered damage to IT teams’ reputations, and only 22% incurred direct monetary loss to the perpetrators.

16. In 2022, 82% of respondents experienced an increase in the overall cost of email security breaches.

93% of organizations that invested more in email security complained about the increase. Conversely, 78% of those who invested less in email security also complained about the rise.

overall cost of email security breaches
Share This Image On Your Website
				
					<a href="https://vpnalert.com/resources/email-security-statistics/" target="_blank" data-wpel-link="internal"><img src="https://vpnalert.com/wp-content/uploads/2023/07/overall-cost-of-email-security-breaches.png" alt="Increased Cost of Email Security Breaches" width="768" border="0" height="544.35912581217" loading="lazy" fetchpriority="low" srcset="https://vpnalert.com/wp-content/uploads/2023/07/overall-cost-of-email-security-breaches-768x544.png 768w, https://vpnalert.com/wp-content/uploads/2023/07/overall-cost-of-email-security-breaches-300x213.png 300w, https://vpnalert.com/wp-content/uploads/2023/07/overall-cost-of-email-security-breaches-1024x726.png 1024w, https://vpnalert.com/wp-content/uploads/2023/07/overall-cost-of-email-security-breaches-1536x1089.png 1536w, https://vpnalert.com/wp-content/uploads/2023/07/overall-cost-of-email-security-breaches.png 1693w" sizes="auto"></a>
				
			

17. The business and professional services industry lost an average of over $1.5 million to email attacks in 2022.

The average amount lost by other industries is tabled below.

Industry Average Cost (USD)
Business and Professional Services $1,501,000
Media, Leisure, & Entertainment Industry $1,468,548
Energy, Oil&Gas, and Utilities $1,316,190
Financial Services $1,271,348
Information Technology and Telecoms $1,000,362
Retail Distribution and Transport $976,336
Healthcare $975,000
Other Commercial Sectors $945,946
Construction and Property $845,055
Consumer Services $795,732
Public Sector $608,333
Manufacturing and Production $586,709

Email Security Statistics by Industry

18. The professional industry experienced the highest number of BEC attacks (30%) in 2022.

The healthcare industry followed (21%), then the public sector (12%), and the education industry (11%) featured in the top four.

19. The cloud-based email security software market is expected to grow significantly by 2027.

It is projected to have a CAGR of 8.68% by 2027.

20. 42% of malicious email campaigns in Q4 2022 targeted the Telecom industry.

87% of phishing emails from the period leveraged malicious URLs to deploy an attack on the victim.

Email Security Statistics by Threat Type

21. 55% of email threats suffered by organizations in 2021 were phishing.

96% of the surveyed brands had experienced a phishing email attack, and 92% experienced BEC attacks.

22. Language-based BEC attacks rose by over 53% from 2021 to 2022.

Furthermore, 52% of general BEC attacks evaded local email security controls.

23. In 2021, 78% of respondents did not trust secure email gateways (SEGs) to protect cloud-based email systems or prevent advanced threats.

In addition, 79% of respondents did not trust the local security of cloud email solutions. On the upside, 90% were convinced that integrating cloud email security systems and local security can protect cloud email systems from these threats.

24. HTML for malware delivery in email campaigns rose by over 300% in 2022.

While its use for both malware and credential phishing increased by 295%.

html for malware delivery
Share This Image On Your Website
				
					<a href="https://vpnalert.com/resources/email-security-statistics/" target="_blank" data-wpel-link="internal"><img src="https://vpnalert.com/wp-content/uploads/2023/07/html-for-malware-delivery.png" alt="HTML for Malware Delivery" width="768" border="0" height="544.35912581217" loading="lazy" fetchpriority="low" srcset="https://vpnalert.com/wp-content/uploads/2023/07/html-for-malware-delivery-768x544.png 768w, https://vpnalert.com/wp-content/uploads/2023/07/html-for-malware-delivery-300x213.png 300w, https://vpnalert.com/wp-content/uploads/2023/07/html-for-malware-delivery-1024x726.png 1024w, https://vpnalert.com/wp-content/uploads/2023/07/html-for-malware-delivery-1536x1089.png 1536w, https://vpnalert.com/wp-content/uploads/2023/07/html-for-malware-delivery.png 1693w" sizes="auto"></a>
				
			

25. Adobe was the highest abused domain (5.52%) for delivering phishing emails in 2022.

4.15% of these emails were delivered through SharePoint, and 3.60% went through Google’s services. Other domains used were Canva, Amazon AWS, Evernote, Dropbox, Box, Microsoft, and Clickfunnels.

26. 42.96% of phishing emails that reached inboxes in 2022 used .pdf attachments.

25.47% used .html, 15.10% used .htm, and 2.92% used .docx.

Brace Yourself

Based on these statistics, attacks are expected to become more sophisticated and widespread. The growing risks of email attacks underline the need for solid and reliable security, making it imperative for organizations and individuals to prepare for these attacks to limit the damage caused.

And to best prepare against such attacks, I recommend our guide to phishing statistics for more information on email threat attacks.

References:
  1. https://assets.barracuda.com/assets/docs/dms/2023-email-security-trends.pdf
  2. https://assets.mimecast.com/api/public/content/d5b3248c41a140c599bca05ea4224adb?
  3. https://i.crn.com/sites/default/files/ckfinderimages/userfiles/images/crn/custom/2023/INKY/04156_Inky_01-2023_Email_Security_Annual_Report.pdf
  4. https://cdn2.assets-servd.host/gifted-zorilla/production/files/2022-Email-Security-Trends-Report.pdf
  5. https://cofense.com/wp-content/uploads/2023/03/2023-Annual-Report-Cofense.pdf
  6. https://trustifi.com/wp-content/uploads/2023/03/Overview-of-Gartner-Market-Guide-for-Email-Security-2023.pdf
  7. https://www.trellix.com/en-us/assets/threat-reports/trellix-arc-threat-report-february-2023.pdf
  8. https://d110erj175o600.cloudfront.net/wp-content/uploads/2022/11/02144954/Mandiant-2023-Forecast-Report.pdf