Four trends in email security for 2023

With the increasing costs of successful email-based attacks, companies need help deploying effective security tools.

Olesia Klevchuk, product marketing director, Barracuda

Email continues to be a key focus for cybercriminals and cybersecurity professionals because it remains the most common gateway for cyber-attacks. Recently, Barracuda released its 2023 Email Security Trends report, which covers the frequency and cost of attacks and how firms invest in security.

For MSPs and VARs, a few key trends uncovered by researchers will impact demand for managed security solutions.

Attacks are Increasing in Frequency and Cost

The number of email attacks continues to grow and affect larger numbers of organizations across different markets. According to the report, 75 percent of organizations have been victims of at least one successful email attack in the past 12 months.

The fallout from such an attack can have a high cost in lost revenue, stolen funds, and business disruption. According to respondents, the most severe consequences of a successful attack included downtime/business disruption (44 percent), loss of sensitive data (43 percent), and reputation damage (41 percent). 

Eighty-two percent of respondents reported that the costs of an email attack have risen in the past year. The report found that the average outlay of the most expensive attacks is more than $1 million (including direct losses, downtime, lost productivity and data, and reputational damage). In addition, companies with larger remote workforces reported higher overall costs for email attacks and higher recovery costs. For small and medium-sized businesses, the aggregate of these losses can be devastating.

For MSPs, the business case for intelligent email security only gets easier to calculate, even for the most cost-conscious customers. For example, companies can leverage secure backup and recovery offerings to prevent data loss (and recover from ransomware attacks) and automated incident response solutions that can prevent attacks from spreading throughout the entire network, thus reducing the overall cost of an attack.

Many Companies are Unprepared

The survey found that only 2 percent of respondents claimed that email attacks did not affect their organization – down from 26 percent in 2019. Clearly, companies see how these more frequent and successful attacks can damage their business.

As a result, 26 percent of respondents have increased their email security investments, and 89% claimed their system and data were more secure than last year. According to the report: “Growing awareness and understanding of email risks and the need for robust protection is a positive starting point for email security in 2023.”

However, awareness does not mean they feel fully secure. According to the report, many firms still believe they aren’t prepared to deal with the major security threats, including malware/viruses (34 percent) and ransomware (27 percent), and 28 percent even reported feeling unprepared to deal with spam. Almost all respondents (97 percent) reported feeling unprepared to deal with the most prevalent threats.

For security services and technology providers, that creates an opening to sell more services to firms that lack the internal expertise or staff to deploy adequate email security.

Companies are Prepared to Invest in Email Security

With more expensive and successful attacks on the rise, firms are investing more heavily in email security. According to the report, 26 percent of organizations have increased their email security budgets and those that did say they feel more secure than under prior spending levels.

Larger organizations are more likely to have increased their spending on email security, with 32 percent of companies with more than 500 employees saying they planned to spend more. However, among companies with 100-249 employees, just 21 percent are spending more on email security. 

The survey also indicated that companies increasing their email security spending experienced a relatively lower cost when it came to successful attacks via mitigation. For example, according to the survey, the average price of the most expensive email attack for those spending more on security compared to last year was $905,000, compared to more than $1 million for those who had held spending at the same level.

Many Companies Have Underinvested in Key Security Solutions

The report also highlighted that many companies have not yet adopted more advanced security measures and solutions. For example, just 33 percent of respondents had deployed automated incident response technology. Other technologies with low adoption rates included Zero trust access (31 percent), account takeover protection (31 percent), and dedicated spear phishing detection (29 percent).

Advanced, multilayered email security and email authentication are critical first lines of defense against malicious messages, but just 50 percent of respondents reported having email authentication in place.

Security awareness training is also crucial since users must recognize potential spear-phishing attacks to avoid sharing passwords or other information. Yet just 42 percent of respondents in the survey had deployed such training.

These gaps, coupled with the data around attack costs and email security investments, reveal significant potential for security-focused MSPs and VARs to fill a pressing need when protecting companies from email-based attacks.

You can download the full report here and watch the email security trends webinar here.

Olesia Klevchuk is Product Marketing Director for Barracuda.