Request a Demo of Tessian Today.

Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

Prepare for the next wave of email attacks at Fwd: Thinking on Nov 2 | Save Your Seat →

Every Company's Riskiest Channel

The report that captures the true state of email security in 2022, brought to you by Tessian. Read on to discover the latest trends and key findings related to advanced threats and data loss on email in the modern day enterprise.

Email is the lifeblood of the organization.

Businesses receive thousands of emails every day.

This reliance on email – combined with the open nature of the communications tool – is what makes it the number one threat vector in organizations today.

Nearly 1 in 5 advanced email attacks are successful

94% of organizations experienced a spear phishing or impersonation attack in 2022.

On average, 1 in 5 advanced email attacks received were successful (18%). Organizations in the U.S. receive on average 1.5 times more spear phishing and impersonation attacks than the global average.
Impersonation attacks were the most common type of advanced email attack experienced by global organizations in the first nine months of 2022 and they ranked as the top email threat that security leaders are most concerned about.
Security leaders reported an average of 148 impersonation attacks in 2022, followed by 141 spear phishing attacks, and 135 email-based ransomware attacks. Just over one in 10 global organizations received significantly high volumes of advanced email attacks in 2022 too; 11% received over 450 spear phishing and 12% received over 450 impersonation attacks.
What’s more, 92% of global organizations experienced at least one email-based ransomware attack in 2022, with 10% of the security leaders surveyed saying they received over 450 email-based ransomware attacks since January 2022.

Keys to the kingdom compromised

In addition to financial losses and breaches of customer data, 71% of security leaders experienced credential or account compromise a.k.a Account Takeover as a result of a successful advanced email attack in 2022.

When a threat actor acquires legitimate login credentials, they can use those credentials to send more attacks, posing as the individual they’ve successfully manipulated in attempts to steal money or sensitive information. It is incredibly difficult for the recipient of the malicious impersonation email to determine whether they are receiving an email from a cybercriminal or their trusted connection.

What is Account Takeover and why is it a threat?

62% see email threats bypass traditional defenses

Despite having a rule-based email security solution in place, in the form of a Secure Email Gateway (SEG) or native security from a cloud provider like Microsoft or Google, IT and security leaders found that advanced email threats continued to reach end-user inboxes.

In fact, over six in 10 security leaders (62%) whose organizations have a SEG in place said advanced email threats bypassed those defenses in 2022.

Why? Read more here: Why Legacy Secure Email Gateways Are No Match for Today’s Cyber Threats

Impersonating peers to trick targets

When asked who was being impersonated in the email attacks, over a third of IT and security leaders (37%) said threat actors posed as employees in attempts to trick end-users in their organization. This was closely followed by a vendor (32%) and a C-level executive (31%).

"There are several core principles of influence and one of them is social proof. A stronger version of social proof is one that invokes authority. As humans, we are deferential to authority so if our default is to ‘do what the boss says’, and a cybercriminal impersonates a senior executive at the company, it increases the probability that the attack will work."

Jeff Hancock, Professor at Stanford University

The bigger the company, the more email threats received

On average, companies with over 1,000 workers received twice as many spear phishing and email impersonation attacks than companies with 100-250 employees, and 3x more than companies with under 100 employees.
Smaller companies – those with under 250 employees – were most likely to receive email attacks from threat actors impersonating board members and investors. This reflects how cybercriminals tailor their scams to make them more believable, given that most companies of this size will be start-ups. In larger organizations, users were more likely to receive impersonation emails from threat actors pretending to be employees or company vendors.

Insider threats leave security leaders exposed

Email threats coming into the inbox aren’t the only threat that IT and security leaders have to deal with; emails being sent by users also pose risk to data and company security.

Nearly two-thirds of security leaders (63%) said that their staff exfiltrated data over email in 2022, while 92% of companies experienced a data breach caused by an end-user making a mistake on email – such as sending an email to the wrong person or failing to send the correct attachment.

What’s more, nearly one in five companies (16%) dealt with over 50 data breaches caused by users’ errors on email in 2022 alone.

Using automation to mitigate email threats

Nearly every respondent (99.5%) recognized that AI and machine learning can enhance and improve their email security. The number one benefit cited by IT and security leaders were faster threat detection (66%), closely followed by more accurate threat detection (56%).
44% of respondents also noted that automated approaches to email security could alleviate administrative burdens on their already stretched security teams.

Despite recognizing the benefits of adopting machine-intelligent technology to protect against email threats, just under half of the respondents (45%) say they are using a next-generation email security solution that leverages AI or machine learning.