Organizations that take more than nine hours to deal with email breaches 79% more likely to be hit by ransomware


Cybersecurity vendor Barracuda Networks has released new research with a simple and straightforward finding: organizations that take longer than nine hours to address an email security breach have a 79% chance of also being a victim of ransomware. The new Email Security Breach Report 2025 found that most of the organizations surveyed (78%) experienced an email breach in the previous 12 months, with the average cost to recover reaching $217,068.

Smaller businesses are hit especially hard. The data indicate that companies with 50 to 100 employees incur average costs of $1,946 per person, while larger organizations with 1,000 to 2,000 staff see average costs of $243 per employee.

Although the report demonstrates the need for rapid incident detection and response, the survey shows that many companies struggle to achieve this. Respondents cite the increased complexity of email threats, skills shortages and the lack of automated incident response as obstacles that make it difficult to quickly identify and remove threats.

“Email security is no longer just about stopping spam or mass phishing — it’s about preventing the first domino from falling in a cyberthreat chain that could end in operational paralysis, data loss, reputational damage and longer-term business impacts,” said Neal Bradbury, chief product officer at Barracuda. “Responding quickly and effectively to email breaches is critical to overall cyber resilience. This can be a challenge for many organizations. The findings show that the ability to detect and neutralize email incidents is often hampered by increasingly complex and evasive attacks, internal skills shortages, a lack of automation, and more. A unified approach to protection centred on a strong integrated security platform is vital.”

78% of organizations experienced an email security breach in the previous 12 months.

71% of organizations that experienced an email security breach were also hit with ransomware during the year.

41% suffered reputational damage, and many lost new business opportunities, harming growth.

57% of organizations experienced a successful ransomware attack in the last 12 months.

Only 50% detected the breach within an hour.

Organizations taking 9 hours or more to fix the breach have a 79% chance of also being hit with ransomware.

One in three victims (31%) were affected twice or more. The report stated that this prevalence of multiple successful attacks suggests that security gaps are not fully investigated and addressed after each incident. The report looks at the difference between organizations affected once and those affected multiple times to see what can be learned from the data and how organizations can use this to boost their security posture.

65% of ransomware victims were able to restore data from backups.

47% say advanced evasion techniques are the main obstacle to rapid incident response.

44% say the lack of automated incident response delays the detection, containment and removal of threats.

24% of ransomware victims had data encrypted – while 27% had data stolen, and 29% said the attackers installed additional payloads.

The bottom line was $217,068. That was the average cost of responding to and recovering from an email security breach.

Around a quarter of the ransomware incidents experienced by respondents involved the encryption of data, locking endpoints and data theft. Attacks also featured lateral movement across the network, the infection of multiple endpoints, the installation of additional malicious payloads, privilege elevation, and embedding backdoors and other persistence mechanisms. Further, to make it harder for victims to restore their data without paying, around one in five attackers accessed and wiped backups and deleted shadow copies of files.

These figures have changed little since the last survey two years ago. In 2023, the findings showed that 31% of those affected once, and 38% of those affected twice or more, paid a ransom to recover data.

Once the dust has settled on the actual attack, victims are left facing operational and commercial repercussions. The top impact cited by ransomware victims was damage to their brand and reputation, followed by downtime and recovery costs. A third admitted losing sensitive data. One in four ransomware victims faced the longer-term business impact of losing existing customers and new business opportunities.

According to respondents, the most widely deployed security measures are email security (implemented by 52%), network security (52%) and security awareness training (48%). Organizations that reported a successful ransomware incident are less likely to have implemented any of these.

The findings of the Vanson Bourne report can be grouped into three overarching themes, namely:

  • Ransomware victims are more likely to have fragmented security, with too many disconnected security tools and insufficient cover in key security areas.
  • Ransomware attacks are multidimensional. They are no longer just about data encryption, but now involve data theft and exposure, the installation of additional malicious payloads, and more.

  • The impact crater of a successful ransomware attack is expanding, including the loss of new business opportunities, and payment pressure tactics that extend to employees, partners, customers, and the authorities.

The report is based on the findings of an international survey. Barracuda commissioned independent market research company Vanson Bourne to conduct a global survey of 2,000 senior security decision-makers in IT and business roles in organizations with between 50 and 2,000 employees from a broad range of industries in the U.S., UK, France, DACH (Germany, Austria, Switzerland), Benelux (Belgium, the Netherlands, Luxembourg), the Nordics (Denmark, Finland, Norway, Sweden), Australia, India, and Japan. The fieldwork was conducted in April and May 2025.