Report: 94 Percent of Global Organizations Experienced Email Security Incidents in 2023

Cybersecurity company Egress released its second Email Security Risk Report. The 2024 Email Security Risk Report offers expert commentary, a comparison of 2023’s results, insight into how cybersecurity leaders view threats, vulnerability to inbound phishing attacks and outbound data loss and exfiltration, and views on the effectiveness of traditional email security.

The report contains new data on phishing attacks, data loss prevention and concerns about technical defenses’ ability to detect and prevent advanced threats within Microsoft 365 environments.

“What has been staggering is the emergence of trends alongside the 2023 edition of the Email Security Risk Report; for example, 94 percent of respondents fell victim to phishing attacks, up two percent from the previous year,” said Egress VP of Threat Intelligence, Jack Chapman. “Organizations continue to face vulnerabilities when it comes to advanced phishing attacks, human error and data exfiltration, and analyzing emerging trends will be key to bolstering defenses.”

The report also highlights how cybersecurity leaders know that they’re vulnerable when it comes to phishing attacks, with 58 percent of organizations having experienced account takeover incidents in the last 12 months, and 79 percent of those starting with a phishing email that harvested an employee’s credentials. Also of note, 94 percent of companies have experienced security incidents in the last 12 months, and 95 percent of cybersecurity leaders reported being stressed about email security.

Additionally, 91 percent of organizations experienced data loss and exfiltration due to reckless behavior to “get the job done,” human error or malicious exfiltration amongst other contributing factors, an especially pressing concern among remote and hybrid organizations with limited monitoring.

The impact of an email security incident can be severe for employees and their organizations. 96 percent of surveyed organizations experienced negative impacts from phishing attacks, marking a 10 percent jump versus last year’s report. In particular, the report revealed the way organizations responded, with:

• 51 percent of employees caught in phishing attacks, disciplined.
• 39 percent of employees, fired.
• 27 percent of employees, voluntarily leaving their roles.

AI also continues to be one of the industry’s biggest talking points, with 63 percent being kept awake at night by deepfakes, and 61 percent by AI chatbots utilized to create efficient phishing campaigns.

To view the report, click here.