Email is Still the Most Concerning Cyber Threat Vector

December 22, 2023

See notable results from the Kaseya Security Survey Report 2023

In an era dominated by digital communication, email has become an integral part of our daily lives. However, with the convenience of email comes the lurking threat of cyberattacks. The average employee receives approximately 126 emails daily. That’s over 630 emails per week for employees to adjudicate. Plus, with so many companies expecting employees to do more with less in today’s challenging economy, many employees are overstretched and stressed, which can lead to them making mistakes, like not carefully inspecting an email before downloading an attachment. Cybercriminals won’t hesitate to exploit the vulnerabilities in a company’s inboxes to unleash a variety of threats, jeopardizing personal and organizational security.  


Learn about the cybersecurity challenges businesses faced in 2023 and the security moves they’re making now. DOWNLOAD IT>>

Most of the top cybersecurity issues businesses face have something in common: they’re email-based. 

In the Kaseya Security Survey 2023, we polled IT professionals about their employers’ experiences with cybersecurity and cybercrime in 2023. There is no clear leader in the list of cybersecurity issues that businesses have experienced. In fact, the top three challenges are nearly tied. However, digging deeper into the list, it’s easy to see that most of the issues that our survey respondents have been impacted by have a commonality: they’re typically email-related. Phishing tops the list of security issues that respondents have encountered (41%), followed closely by viruses (39%) and endpoint threats (39%).

Which of the following cybersecurity issues have impacted your business?

Issue  Response 
Phishing messages 41% 
Computer viruses 39% 
Endpoint threats detected 39% 
Personal information or credential theft 34% 
Business email compromise (BEC) 31% 
Ransomware 27% 
Supply chain attack 18% 
None  4% 

Source: Kaseya Security Survey 2023

Get this infographic to see how AI enables Graphus to protect businesses from phishing. DOWNLOAD IT>>

Over half of companies have faced ransomware or BEC in 2023

In terms of challenges experienced in the past 12 months, the picture shifts slightly, with the top three issues the same but experienced slightly differently by our survey respondents.  More than half of our respondents have also had to contend with a dangerous cyberattack, like ransomware or business email compromise, at some point (58%). This data offers important evidence that companies need to take precautions against email-based threats by improving email security and stepping up their security awareness training and phishing simulation programs.

Which of the following cybersecurity issues have impacted your business in the past 12 months?

Issue  Response 
Phishing messages  37% 
Endpoint threats detected 33% 
Computer viruses 33% 
Personal information or credential theft 29% 
Business email compromise (BEC) 26% 
Ransomware 24% 
Supply chain attack 16% 
None  7% 

Source: Kaseya Security Survey 2023

phishing in silver on a pink background on top of a skull and crossbones

Is your email security solution really getting the job done? This checklist helps you find out! GET CHECKLIST>>

Most companies expect a successful ransomware attack in 2024

The most common vector for a ransomware attack is email. Companies must reduce their risk of a ransomware-laden email reaching an employee by investing in top-notch email security that utilizes advanced technology like artificial intelligence to sniff out sophisticated email threats. With the number and frequency of ransomware attacks growing constantly, it’s no surprise that most IT professionals expect their employers to fall victim to one. Over three-fifths of our survey respondents (64%) said that their company is likely to experience a successful ransomware attack in the next 12 months.

What do you believe is the likelihood your organization will experience a successful ransomware attack in the next 12 months?   

Likelihood of falling victim to a ransomware attack    Response    
Extremely likely  5%  
Very likely    22%    
Somewhat likely    37%    
Not very likely  28%    
Not at all likely    8%    

Source: Kaseya Security Survey 2023

Looking for a security rockstar? Get 5 superstar benefits for half the cost of the competition! SEE THE BENEFITS>>

IT pros aren’t confident that their companies would survive ransomware.

More than half (53%) of our respondents indicated that a successful ransomware attack would have a significant impact on their organization. An unfortunate 17% said they believe their company is unlikely to survive a successful ransomware attack. Smart businesses will also take every precaution to put themselves in the best possible position to recover from a successful ransomware attack. Having a BCDR solution, a ransomware-specific incident response plan and EDR with a ransomware rollback feature will go a long way toward mitigating a ransomware disaster. 

If a successful ransomware attack on your business were to occur, how much impact do you think it would have?  

Severity of Impact  Response    
Extreme impact – it would be difficult to recover  17%    
Significant impact    53%    
Minimal impact    28%    
No impact    2%    

Source: Kaseya Security Survey 2023

Learn how to add more hands to your security team without adding to your headcount. FREE EBOOK>>

Email is the top threat vector that concerns IT professionals

When considering the vector through which their organization might suffer a successful cyberattack, one-quarter of our respondents chose email, highlighting the importance of having powerful, layered email security solutions in place to minimize risk. Nearly another one-quarter of survey respondents said that they consider endpoints to be their most vulnerable vector (23%). It is interesting to note that 22% of respondents chose a people-related vector, human error or insider threat, as the most likely conduit for a successful cyberattack against their employer. This result reinforces the importance of security awareness training for every employee. Education and training dramatically reduce a company’s risk of falling prey to a cybersecurity incident. 

Which of the following threat vectors are you most concerned about being the gateway to a successful attack in the next 12 months?  

Attack Vector Response 
Email 25% 
Human error (social engineering, distraction) 16% 
Endpoint (server) 12% 
Endpoint (laptop) 11% 
Cloud 10% 
Network 8% 
Insider threats 6% 
Supply chain 5% 
Unpatched systems (Zero-day attacks) 5% 
None 2% 

Source: Kaseya Security Survey 2023

Are you doing everything you can to avoid email-based cyberattacks? This checklist helps you make sure. GET IT>>

Almost three-quarters of businesses anticipate falling victim to phishing in 2024 

Most of today’s most dangerous and devastating cyberattacks, like ransomware and BEC, typically start with phishing. Unfortunately, most of our survey respondents said they believe their organization is likely to fall victim to a phishing attack in the next year (80%). Now is the time to take measures, such as improving email security and educating users through phishing simulations, to prevent that attack from landing. Personalized spam filters are another great way to keep potentially dangerous messages away from employees.

What do you believe is the likelihood that your organization will experience a successful phishing attack in the next 12 months?  

Likelihood of falling victim to a phishing attack Response 
Somewhat likely 50% 
Very likely 24% 
Not very likely 17% 
Extremely likely 6% 
Not at all likely 3% 

Source: Kaseya Security Survey 2023

Get the guide that helps you detect & defeat dangerous BEC attacks to keep your company out of trouble! DOWNLOAD IT>>

Ward off phishing with automated, AI-driven email security

The importance of powerful and effective email security to the success of a company’s cybersecurity strategy has never been more apparent. In order to mitigate the risk of falling victim to an email-based cyberattack like ransomware or business email compromise, it pays for organizations to make investing in a high-quality email security solution that can combat the rising tide of phishing effectively a high priority.  

Graphus is the world’s first AI-driven email security solution that automatically protects organizations from email-based ransomware attacks. The patented AI technology of Graphus creates a wall between organizations and cyberattacks, mitigating phishing attacks before they reach their systems. It automatically monitors communication patterns between people, devices, and networks to reveal untrustworthy emails, making it a simple, powerful, and cost-effective automated phishing defense solution for companies of all sizes. 

  • AI-driven email security with Graphus can capture and quarantine even sophisticated email threats and phishing messages.   
  • Graphus is the world’s first automated phishing defense platform that protects you from cybercriminals posing as trusted contacts 
  • Puts 3 layers of protection between employees and dangerous email messages.  
  • Seamlessly deploys to Microsoft 365 and Google Workspace via API without big downloads or lengthy installs.  
  • Provides intuitive reporting to help you gain insights into the effectiveness of your security, level of risks, attack types, and more. 

Book a demo of Graphus today BOOK IT>>  

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus