The Future Of Email Security: Where Is The Market Headed In 2024 and Beyond?

The email security market is one of the most dynamic, competitive markets in the cybersecurity industry. The market is currently expected to grow from USD 4.25 billion in 2023 to USD 10.83 billion by 2032.

I founded my own email security business, EPA Cloud (now part of VIPRE Email Security, Ziff Davies), in 2003. At that time, there were only a few providers in the email security space, such as MessageLabs, Clearswift, Postini, and FrontBridge, who built the first secure email gateways (SEGs).

When I sold my business in 2013, the prevailing wisdom in the email security space was that the market was at its peak. In 2015, Gartner retired its Secure Email Gateway (SEG) Magic Quadrant, noting that the “penetration rate of commercial SEG solutions is close to 100% of enterprises.”

But, today, the email security market is booming! Expert Insights are currently tracking over 45 different vendors in the email security space. Multiple sources have told me the Gartner Magic Quadrant will be making a comeback for Email Security later this year

In the last couple of months, I’ve been at the RSA Conference and Infosecurity Europe, speaking with CEOs and executives from email security companies of all sizes to find out where the email security market is headed.

Here are my takeaways:

1. Phishing Isn’t Going Anywhere

When I speak to security teams, phishing is typically the number one reason for investing in an email security solution.

Phishing is highly lucrative for cybercriminals and is getting much easier to scale with GenAI. Since the launch of ChatGPT, there’s been a 1,265% increase in malicious phishing emails.

There will continue to be a strong market for vendors that offer effective phishing protection. It’s likely that vendors that vendors will need to invest in their own AI solutions to better detect AI generated phishing and spam.

2. The SEG Is Not The Future:

The direction of travel is toward deploying mail flow rules and API scanning. Gartner predicts that 20% of anti-phishing solutions will be deployed at the API layer by 2026.

In my view, there are several reasons for the success of this market category:

• Phishing: These solutions are much better at catching phishing than SEGs.
• Better M365 & Google Workspace filtering: Microsoft and Google have made big improvements to their native email filtering for M365 and Google Workspace. This has squeezed the market for SEG providers but has helped API-based providers as they sit alongside native controls, rather than replacing them.
• Ease of use: Cloud-native solutions are much easier to use and deploy than traditional SEG solutions and require less ongoing support.

In the long term, I envisage that all the major SEG providers will transition to using a combination of mail flow rules and APIs to protect M365/Google Workspace.

3. There’s An Email Skill Gap For MSPs

MSPs are implementing complex solutions that they don’t necessarily have the skills required to configure and manage. The result is companies being breached even when they have a solution in place. Therefore, we will see a rise of (a) security vendors imposing best practice on MSPs or (b) a new class of providers who focus on implementing and managing security solutions on behalf of MSPs.

4. We’ll See Further Email Security Consolidation

Expert Insights is currently tracking over 20 SEG providers and over 29 API-based ICES providers. There have been a number of acquisitions in recent years as some of the more established email gateway providers have looked to build out their cloud integrated capabilities, including:

• Graphus Inc., acquired by Kaseya (2020)
• Avanan, a Check Point Company, acquired by Check Point Software (2021)
• Agari, acquired by Fortra (formerly HelpSystems) (2021)
• Area1, acquired by Cloudflare (2022)
• Armorblox (now part of Cisco), acquired by Cisco (2023)
• Tessian, acquired by Proofpoint (2023)
• Vade & ZeroSpam, acquired by Hornetsecurity (2024 & 2021)
• Egress Software Technologies, acquired by KnowBe4 (2024)

It’s almost certain that there will be further consolidation in the email security space as security vendors look to expand their cloud-based offerings and buy up more agile competitors in the space.

5. The Future Is Not Mailbox Security – It’s “Human-Layer” Security

We are starting to see a shift in the email security market away from a core focus just on “email”, to broader coverage of human risk management. We spoke to several vendors at RSAC that are already taking this approach, including:

• Abnormal Security, who are extending their email account takeover protection across other cloud accounts including Atlassian, Zoom, DocuSign, Salesforce, and Google Drive,
• Proofpoint, who have acquired Illusive , an identity threat protection provider, and Tessian, an email protection and data loss prevention software that provides human-focused risk scoring
• Material Security, who protect the content inside email inboxes. They monitor user behavior to detect suspicious activity and enforce multi-factor authentication for high-value email content, like password reset emails
• Egress Software Technologies, who are in the process of being acquired by KnowBe4, a leading security awareness training provider. KnowBe4 already leverages an integration with Egress to provide targeted training to users in the mailbox in order to stop phishing and account compromise.

What does this mean in practice?

1. Email protection will continue to extend across SaaS apps like Microsoft Teams, Slack, OneDrive, SharePoint, Dropbox etc., to prevent account takeover attacks and data loss.
2. As email data is becoming more easily accessible via API, email protection will bleed into other security categories, such as awareness training, identity and access management, and security information and event management (SIEM).
3. There will be more focus on protecting the content inside email inboxes, such as 2FA links, password reset links etc., as this data can cause significant breaches across your stack.

Looking Ahead:

Companies investing in an email security solution should be aware that the market is changing quickly.

The best solutions are already extending out of the core email stack to provide better protection for your users – these are the solutions you should be considering.

For information more on the email security market, Expert Insights is here to help. We’re a cybersecurity research platform providing independent analysis of the email security on the market today. You can check out our guides here.