Highlights:
75% of organisations surveyed experienced a successful email-borne attack in the last 12 months.
Recovering from an email-borne security attack can cost victims more than $1 million on average, with the UK reporting an average cost of almost $650,000.
Having a higher proportion of remote workers increases security risk and recovery costs.
CAMPBELL, Calif., (FEB. 8, 2023) — Barracuda Networks, Inc., a trusted partner and leading provider of cloud-first security solutions, today published its 2023 Email Security Trends report that shows how email-based security attacks affect organisations around the world. 75% of the organisations surveyed for the report had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average potential costs of more than $1 million for their most expensive attack. 23% said that the cost of email-based attacks has risen dramatically over the last year.
The survey, conducted by independent research firm Vanson Bourne and commissioned by Barracuda, questioned IT professionals from frontline to the most senior roles in companies with 100 to 2,500 employees, across a range of industries in the U.S. and EMEA and APAC countries.
The fallout from an email security attack can be significant. The most widely reported effects, globally, were downtime and business disruption (affecting 44% of those that had been hit), the loss of sensitive, confidential, and business-critical data (43%), and damage to brand reputation (41%).
Businesses in the UK reported fewer successful email attacks than other regions (54%). Loss of employee productivity (43%) was the top impact of a successful email attack, followed by downtime and business disruption; and loss of sensitive, confidential, or business-critical data (both 38%). Successful ransomware attacks were also low compared to the other countries surveyed (49% saw at least one successful ransomware attack vs. an overall 73%). This could explain a comparatively lower direct monetary impact of an attack for organisations in the UK.
There were notable differences between industries. For example, financial services organisations were particularly affected by the loss of valuable data and money to attackers (cited by 59% and 51% of victims, respectively), while in manufacturing the top impact was the disruption of business operations (53%). For healthcare institutions the recovery costs involved in getting systems up and running again quickly were the most significant (44%). Regardless of size or industry, however, organisations with more than half their employees working remotely faced higher levels of risk and recovery costs.
Organisations also feel underprepared to deal with the threat of malware and viruses (34%), advanced email attacks like account takeover (30%) and business email compromise (28%), and even more basic threats like spam (28%).
“Email is a trusted and ubiquitous communications channel, and that makes it an attractive target for cybercriminals. We expect email-based attacks to become increasingly sophisticated, leveraging AI and advanced social engineering in their attempts to get the data or access they want and evade security measures,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda. “Email-based attacks can be the initial access point for a wide range of cyberthreats, including ransomware, information stealers, spyware, crypto mining, other malware, and more. It is not surprising that IT teams around the world don’t feel fully prepared to defend against many email-based threats. Growing awareness and understanding of email risks and the robust protection needed to stay safe will be key in keeping organizations and their employees protected in 2023 and beyond.”
Resources:
Get a copy of the report: https://barracuda.com/email-security-trends-report-2023
Check out the blog post: http://cuda.co/blg020823
Get a copy of Barracuda’s guide to the 13 email threat types and how to defend against them
Methodology
Barracuda commissioned independent market researcher Vanson Bourne to conduct a global survey of IT managers, senior IT security managers, and senior IT and IT security decision-makers. There were 1,350 survey participants from a broad range of industries, including agriculture, biotechnology, construction, energy, government, healthcare, manufacturing, retail, telecommunications, wholesale, and others. Survey participants were from the U.S., Australia, India, and Europe. In Europe, respondents were from the United Kingdom, France, DACH (Germany, Austria, Switzerland), Benelux (Belgium, the Netherlands, Luxembourg), and the Nordics (Denmark, Finland, Norway, Sweden). The survey was fielded in December 2022.
About Barracuda
At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-first, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data, and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit barracuda.com.
Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S. and other countries.
Media Contact:
Code Red Communications