Email Security

20+ Stats And Trends For Email Threats in 2024

Organization should be familiar the latest trends in email threats and risks.

Last updated on Dec 19, 2024
Mirren McDade Written by Mirren McDade
Laura Iannini Technical review by Laura Iannini
Stats for Email Threats Cover

With emails being such a common target for cyberattacks such as malware, phishing, and data breaches, email security has only increased in importance over the years. 

Falling victim to any of these threats can lead to the compromising of sensitive information and serious disruptions to business operation, which can result in reputational damage and lags in productivity. The purpose of maintaining good email security is to prevent this, as well as to protect sensitive information and ensure the integrity and availability of communication systems.

Expert Insights have gathered several major reports on the current email threat landscape and the email security market to provide detailed insights into this topic for cybersecurity professionals to delve into and reflect on.

General Business Email Compromise Trends

  • The global Business Email Compromise (BEC) market size was estimated at USD 1.38 billion in 2023 and is anticipated to grow at a CAGR of 22.4% from 2024 to 2030. (Grand View Research
  • In 2023, the IC3 (Internet Crime complaint Center) received 21,489 BEC complaints with adjusted losses over 2.9 billion. These BEC schemes historically involved compromised vendor emails, requests for W-2 information, targeting of the real estate sector, and fraudulent requests for large amounts of gift cards. (I3C)
  • The global average cost of a data breach in 2024 is $4.88 million USD—a 10% increase over last year and the highest total ever. (IBM)
  • The SME segment accounted for the largest revenue share in 2023. The growing awareness and education about the risks of BEC attacks and the importance of cybersecurity drive the demand for BEC solutions in SMEs. (Grand View Research)
  • The BFSI (Banking, Financial Services, and Insurance) segment accounted for the largest market share of over 19% in 2023. Regulatory compliance and data protection requirements significantly drive the growth of the market. (Grand View Research)

Email As An Attack Vector 

  • Email is still the #1 threat vector for cybercrime, with 90% of data breaches starting with a phish. Over the last year, Cofense reported a 331% increase in QR code ATRs (Active Threat Reports) issued. (Cofense)
  • QR codes change the attack vector and enable threat actors to trick victims into using their smartphones, which are typically not protected by enterprise controls and are therefore more vulnerable. (Cofense)
  • “We will see continued use of AI and large language models (LLMs) to develop and scale more convincing phishing, vishing, SMS, and other social engineering attacks.” (Google Cloud(blog post here)
  • Email remains the number one attack vector for cybercriminals, and phishing attacks are the top threat to email users. (Mimecast
  • More than two-thirds believe employees are putting the organization at risk through the misuse of email, oversharing company information on social media, and careless web browsing. (Mimecast
  • Microsoft continues to be the most abused brand with 68 million malicious messages associated with the brand or its products. (Proofpoint)  

Who Is Most Vulnerable To Email-Based Attacks? 

Email threats can affect anyone, from large organizations to individuals, but some will feel the pressure of these attacks more than others.

  • Vendor Email Compromise (VEC) for healthcare organizations has grown by 60% between August 2023 and August 2024. “Unlike business email compromise, where attackers pose as internal staff, VEC threat actors impersonate service providers, suppliers, distributors, or other vendors to trick employees into processing fake invoices or altering bank information in the organization’s accounts payable system.” (Abnormal Security)  
  • The finance industry has shown the most improvement for responding to simulated email phishing campaigns (failure rate decreased 7% from 16% to 9%), and the marketing / advertising industry has the lowest overall failure rate (6%). In the same data set, the agriculture and construction industries are tied with the worst increase in failure rate for simulations (up 3%, reaching failure rates of 11% and 12% respectively). (Proofpoint)
  • Healthcare and finance remain the top targeted industries with increases in malicious emails bypassing SEGs at 84.5% and 118% respectively. (Cofense)

How Can Organizations Protect Themselves Against Email Threats? 

With the prevalence of email threats today, it is important that organizations gain a thorough understanding of what attacks may come their way and how to better protect themselves in the event of an attack.

  • 85% of security professionals said that most employees know they are responsible for security, but 59% of users either weren’t sure or claimed that they’re not responsible at all. (Proofpoint
  • Procedures should be put in place to verify payments and purchase requests outside of email communication and can include direct phone calls to a known verified number and not relying on information or phone numbers included in the email communication. (I3C
  • The most common countermeasures used against phishing are domain-based checks such as SPF, DKIM, and DMARC. A more comprehensive method is to design anti-phishing filters that can detect text commonly used in phishing emails, recovering hidden text in images. While these techniques will not prevent malicious email sent using compromised legitimate accounts, they can be used to reduce malicious email sent from spoofed domains or spoofed “From:” addresses. (NIST
  • According to NIST guidelines, “Administrators should consider using a combination of tools for processing incoming and outgoing email.” (NIST
  • The final line of defense against malicious UBE (Unsolicited Bulk Email) is an educated end user. An email user that is aware of the risks inherent in using email is less likely to fall victim to fraud attempts, social engineering, or convinced into clicking links containing malware. (NIST

Staying informed and up-to-date on current email threats is vital for keeping one step ahead of attackers, and for ensuring your organization does not experience a damaging and costly cyberattack.

Expert Insights Email Security Resources:

Mirren McDade
LinkedIn Email

Senior Journalist & Content Writer

Mirren McDade is a senior writer and journalist at Expert Insights, spending each day researching, writing, editing and publishing content, covering a variety of topics and solutions, and interviewing industry experts. She is an experienced copywriter with a background in a range of industries, including cloud business technologies, cloud security, information security and cyber security, and has conducted interviews with several industry experts. Mirren holds a First Class Honors degree in English from Edinburgh Napier University.
Laura Iannini Laura Iannini
Email

Cybersecurity Analyst

Laura Iannini is an Information Security Engineer. She holds a Bachelor’s degree in Cybersecurity from the University of West Florida. Laura has experience with a variety of cybersecurity platforms and leads technical reviews of leading solutions. She conducts thorough product tests to ensure that Expert Insights’ reviews are definitive and insightful.