The Business Case for Email Security Beyond Basic Filtering

Email security is the foundation of a strong security strategy. According to Huntress, more than 80% of all reported security breaches involve phishing. Failing to properly address the threat of phishing makes your job immensely harder. It makes sense to spend time properly identifying and blocking email threats. But this alone is not enough.

Foundations are critical, but they are just the start. You need solid foundations to build the rest of your security infrastructure on.

Attackers are locked in a 24/7 mission to get around spam filters and trick your staff into clicking a malicious link. With 3.4 billion phishing emails sent daily, it is impossible to stop them all. You need other defenses in place to address the small percentage of malicious emails that get through, or that evolve faster than defenders can respond.

How Does Email Filtering Work?

Before exploring where email filtering falls short, it helps to understand what it does.

Email filtering scans the content, attachments, and reputation of emails as they arrive in your inbox. The scanners identify spam, malware, and phishing content. Some of this reduces clutter and “nuisance” emails, allowing you to focus on the ones most relevant to you. Beyond this, blocking phishing emails decreases the chances for any of your employees to be caught out and inadvertently open your organization to attack.

The True Cost Of A Breach

When making a business case, it’s important to look at the numbers. In 2025, $4.44 million was the average cost of a data breach. While this figure is significant, it actually represents a 9% decrease from the previous year. Do not be lulled into thinking that this 9% decrease will be repeated year on year.

This is a figure that most businesses would not be able to absorb. In fact, 60% of small businesses go bust within six months of a cyber attack. The stakes are high. We’re talking about your business being able to carry on.

How was that $4.44 million figure reached?

There are multiple factors to consider when calculating the cost of a breach. In addition to any ransomware or penalty payments, you’ll have to factor in downtime and loss of earnings. Depending on how your business operates, you may have to halt all work until the attack has been navigated. A period of downtime may also result in you breaching contracts, which brings its own financial repercussions.

One of the hardest factors to quantify is reputational damage. What will customers think if your organization is involved in a highly publicized breach? Even if it’s not your fault, customers will think twice before spending their money with you.

Where Does Cybersecurity Insurance Come Into It?

A relative newcomer to the insurance world, the cybersecurity insurance market was valued at $16.3 billion in 2025. While this figure is high, it should be higher. $16.3 billion represents just 1% of what’s at stake.

Cybersecurity insurance will pay out if you fall victim to a cyber attack. As with all forms of insurance, you need to read the small print to make sure you’re covered for what you need. Insurance isn’t a silver bullet. You are unlikely to receive coverage if you can’t prove that you’re already taking a realistic and thorough approach to protecting your organization. With this in mind, you should see cybersecurity insurance as an additional safeguard, not a lifeline.

For more information on cybersecurity insurance, check out our article on How To Choose A Cyber Insurance Policy.

When making the business case, cybersecurity insurance is likely part of the answer. It will need to sit alongside other defenses and risk assessments to be of value.

If Not Basic Filtering, Then What?

You recognize that you need to take action beyond basic email filtering. But where do you start when it comes to strengthening your security strategy?

In this section, we’ll highlight some of the alternative security tools that bolster your defenses and protect against the threats that filtering misses.

• Security Awareness Training (SAT): This is one of the simplest but most effective things you can do to protect your organization. SAT is an ongoing training and testing program that primes your employees to be knowledgeable and confident when it comes to phishing. It warns them of telltale signs, meaning they are less likely to fall for phishing attempts and grant an attacker access into your network.

We’ve put together a list of the best SAT solutions on the market, helping you find the right one for your needs. Read more about it here.

• Managed Detection and Response (MDR): This is a technology that gathers data from your endpoints, then analyzes it to identify suspicious activity. The system can then carry out remediation to prevent the attack from spreading. MDR does not rely on a rules-based scan in one location. Instead, it proactively hunts for breaches and addresses them.

For more information on MDR and the best solutions on the market, check out our shortlist.

• Next-Gen Firewalls: If email filtering is checking who’s entering your network via the portcullis, firewalls are ensuring that the entire wall is secure. They work in a very similar way to email scanning: they check incoming data for evidence of malicious intent or corruption. The difference is in scale. Firewalls work across your entire network, not just via email.

For more information on the best managed firewall services, take a look at our shortlist.

• Privileged Access Management: While this isn’t exactly a cybersecurity tool, it is an approach that every organization, no matter the size or industry, should be taking. Privileged Access Management (PAM) ensures that every user has the level of access they need to do their job, and no more. This means that if an account is compromised, the impact is contained rather than catastrophic.

We’ve written a guide to deepen your understanding of PAM. Read it here.

The Business Case

Now that we’ve spent some time understanding the context and what’s at stake, let’s drill down into the math. Take that average cost of a breach at $4.44 million USD and look at two strategies at opposite ends of the spectrum.

• Option A: Do nothing. Then pay any legal fines and customer compensation if you are attacked. Using this strategy there is no way of mitigating the impact of the attack itself. For instance, if your organization is hit by ransomware, you are locked out of your data. You will be encouraged to pay a ransom fee to unlock it. If the attackers receive the money and do not unlock your data, you will be in a very difficult position.
• Option B: Invest in MDR, firewalls, SAT, and PAM. Create a partnership with an insurance broker to cover you if you are hit by an attack.

The first thing to say is that you are less likely to fall victim to an attack. If an attacker is able to breach email filtering rules, they are likely to be identified by a trained employee or your MDR solution. While these tactics stack the odds in your favor, there is still a chance that an attack will succeed.

In this case, your insurance comes into play. As you’ve already got a relationship with your provider and you have proved that you take cybersecurity seriously, there is no reason why your insurance won’t pay out. This will help with the initial financial repercussions, and insurance providers will also be able to help with recovery time, including forensic investigation if that’s what’s required.

You may still have fallen victim to a cyber attack. But, importantly, you won’t be any worse off for it.

Conclusion

When it comes to cybersecurity, the question shouldn’t be “can we afford it?” It should be “can we afford not to?”

Cyber attacks are not going to go away, no matter how much we’d like them to. Resilience doesn’t mean you never get attacked. It means that you have the tools to deal with an attack when it does happen.

Your inbox is a key area to consider. It is a massive vector for attacks, so ensuring that your emails are scanned is essential. It is the first step. Make sure it is not the only one you take.