1 in 4 Companies Had an Email Security Breach Last Year

September 10, 2021
the neon outline of a blue envelope pops out of a neon bavkground in shades of purple.


One Email Security Breach Can Be an Expressway to Disaster


One of the most vital tools that any company uses is email, especially when supporting a remote or hybrid workforce. Over 50% of remote workers rely on email as their primary form of communication. Yet far too many companies are relying on email security solutions that can’t take the heat in today’s volatile cybercrime landscape, where a historic increase in phishing risk for the past two years has led to an email security crisis that every business needs to face, This wave of email threats has led to an unfortunately large number of email security breaches. In fact, one in four businesses had an email security breach in 2020, and that’s bad news for everyone. 

See how to avoid cybercriminal sharks in Phishing 101. DOWNLOAD IT>>

What Contributed to the Problem? 

Email security became more critical than ever in 2020 due to a confluence of world events including the global COVID-19 pandemic. Cybercriminals leveraged pandemic stress and the inexperience of a world full of anxious remote workers to drive phishing-related cybercrime to new heights.  

  • Phishing threats rose more than 600% in 2020 
  • COVID-19 is the most “phished” topic in history 
  • 90% of data breaches started with a phishing email  
  • Spear phishing was the culprit in  91% of successful data breaches 
  • 95% of all enterprise network intrusions were also the result of spear phishing   
  • Cloud-based attacks ballooned with a 32% increase from the previous year 
  • Credential phishing, already the most common kind of spear phishing, popped up 14% 
  • There was 16% growth in malware file attachments detected and blocked in 2020 
  • Phishing threats sent via spam skyrocketed by 41%
  • Phishing targeting webmail and Software-as-a-Service (SaaS) was king at  31.4 % of all attacks.  
  • An estimated 6 billion fake emails were sent to businesses daily 

What’s next in phishing? Find out in the 2021 State of Email Security Report! GET IT NOW>>

Email Security Challenges Continue to Mount 

Escalation in email security danger has continued into 2021 and it shows no signs of stopping. The most common way that a business will encounter the full rogue’s gallery of cyberattack threats like ransomware or business email compromise attacks is through a phishing email that makes its way past email security and into an employee inbox. With cybercrime at an all-time high, researchers at the University of Maryland estimate that a new cyberattack is launched every 39 seconds – and 80% of those cyberattacks are email-related in the form of phishing. No company can afford to use security that isn’t getting the job done.  

The pressure on every company’s email security defense (and IT team) that is being created by the sheer volume of email that is moving around every day is unrelenting – especially since they know that it is packed with potential disasters like whaling messages and fraudulent government email. An estimated 306.4 billion emails were sent and received each day in 2020, triple the average increase of past years. That figure is expected to continue to grow steadily as companies continue to grapple with the implications of the ongoing pandemic and virus variants that could lead to long-term remote work becoming the norm. If email volume continues to trend the way that experts expect, it is estimated to reach over 376.4 billion daily messages by 2025.  

How safe is your email domain? Find out now with our domain checker. CHECK YOUR DOMAIN>>

Companies Have Less Money to Address More Email Security Problems 

Meanwhile, a challenging economy has businesses pinching every penny while overtaxed IT teams are facing a 64% year-over-year increase in threat volume. That leads to conditions that can impact security negatively like alert fatigue, burnout and neglect, especially if that IT team is already stressed out from the challenges of 2020. Plus, with the IT skills shortage nipping at everyone’s heels, most IT teams are stretched to the brink without this additional pressure.  In this year’s ISACA State of Cybersecurity 2021 Survey, 35% of respondents reported that their enterprises are currently experiencing an increase in cyberattacks, including email-based cyberattacks like phishing and ransomware. That’s three percentage points higher than was recorded in that survey in 2020, which was a record-breaking year for phishing worldwide.   

Email threats that can lead to a security breach are also growing more sophisticated, with especially enticing elements of social engineering drawing in unwary workers. That leads to complications that increase risk and ticket volume, negatively impacting IT teams. In many places, companies are still working remotely as pandemic pressure continues. Remote workers are significantly more likely to make those mistakes. In a survey of remote work habits, more than 40% of remote workers admitted that they’d made email handling errors that caused cybersecurity incidents In 2021, one out of every 99 messages a business receives contains a phishing attack. The odds are even worse for branded email, something every business receives daily – 1 in 25 branded email messages is a phishing attempt. This translates into much more danger to email security at a time when most businesses have precious few resources to spare – and no room for error.  

Still relying on an old-fashioned SEG? See why Graphus is better! SEE THE COMPARISON>>

An Email Security Breach is Almost Certain to Become a Data Breach  

The number one data breach risk that businesses face has held steady, and it’s not a surprise. The recently released Verizon Data Breach Investigations Report 2021 (DBIR) dubbed phishing the top data breach threat that organizations face for the third year in a row beating out insider acts, malware, and even human error. In fact, phishing risk in relation to data breaches actually increased by 10%, which tracks with the tremendous increase in email volume and record-breaking cybercrime rates that started in March 2020. Surprisingly, this DBIR category tops the list and it does not include ransomware, which has become such a behemoth that it has earned its own separate own category these days. This reinforces how crucial phishing defense is for every business. 

Email security crises that lead directly to a data breach are a specter every business in the world is dealing with right now. In examining the geography and cause of data breaches, researchers estimate that an estimated 74% of organizations in the United States have fallen victim to a successful phishing attack that resulted in a data breach in the last 12 months. The US is the leader in phishing-related data breaches for 2021 so far, with rates 30% higher than the global average, and 14% higher than the same period in 2020. But organizations outside the US aren’t any safer from an email security disaster that leads to a phishing-related data breach. More than 70% of UK organizations have also suffered at least one data breach caused by email security failures in the last year. Overall, researchers found that 80% of IT professionals that they spoke to worldwide said that their organizations have faced an increase in the number of phishing attacks and email security threats in 2021, creating an exceptionally dangerous prospect for email security disasters.

Automated security isn’t a luxury. See why Graphus is a smart buy.

AI-Powered Email Security Stands Up to Phishing to Reduce Email Security Breach Risk 

One essential way for companies to reduce their chance of an email security breach is to make sure that they’re using the right solutions to handle the job, Unfortunately, many companies are making dangerous security choices. A report in CISO Magazine detailed the danger: one in three small businesses with 50 or fewer employees rely on free or consumer-grade cybersecurity tools for all of their cyber defense, and one in five companies do not use any endpoint security whatsoever. That’s a terrifying prospect for most IT professionals.

Businesses can dramatically reduce their risk of an email security disaster without breaking the bank by choosing a cutting-edge automated email security solution like Graphus without breaking the bank. You’ll be pleasantly surprised by how quick and easy it is to get started with Graphus. You’ll also be impressed by effectively the smart Graphus AI independently adjudicates everything about each incoming message your business receives, including content and attachments, using more than 50 points of comparison to sniff out danger. Your security team will be thankful for the alleviation of stress that automated email security brings. The extra time that Graphus gives them will be welcome too – Graphus doesn’t require fussy configuration or wait for technicians to feed it fresh threat data to be able to detect emerging threats. The AI never stops learning, growing and evolving your protection with your business.    

In fact, an automated email security solution like Graphus spots and stops 40% more email security threats like phishing attacks than conventional native security or a SEG. Don’t hesitate – put 3 smart layers of powerful protection between email security threats like phishing and your business for one low price when you stop phishing immediately with Graphus – the most simple, automated and affordable phishing defense available today.  



Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus