One 2022 survey is showing that the increasing sophistication of such attacks has left some respondents unconfident of their defense capabilities

Based on a survey of 1,350 IT decision makers across the US, EMEA and APAC (Australia, India), one cybersecurity firm has concluded that the cost of email-borne cyberattacks has been increasing, with victims facing average damages worth up to US$1m.

Some 23% of respondents had indicated their perception that the cost of email-based attacks had risen dramatically by the time of the survey: Dec 2022.

The most widely reported consequences of email-borne attacks were cited as downtime and business disruption (44%); the loss of sensitive, confidential, and business-critical data (43%); and damage to brand reputation (41%).

Other findings

The data showed notable differences in impact between industries that were hit by email-based attacks.

For example, financial services organizations were particularly affected by the loss of valuable data (59%) and money (51%) to attackers, while in manufacturing the top impact was the disruption of business operations (53%). Also:

    • For healthcare institutions in the survey, the recovery costs involved in getting systems up and running again quickly were the most significant (44%).
    • Regardless of size or industry, however, respondents with more than half their organization’s employees working remotely faced higher levels of risk and recovery costs.
    • Respondents across the countries involved in the survey cited feeling underprepared to deal with the threat of malware and viruses (34%), advanced email attacks like account takeovers (30%) and business email compromises (28%), and basic threats such as spam (28%).

According to Mark Lukie, Director of Solutions Architects (APAC), Barracuda, which commissioned the survey: “Email-based attacks can be the initial access point for a wide range of cyber threats, including ransomware, information stealers, spyware, crypto mining, other malware, and more. It is not surprising that IT teams around the world don’t feel fully prepared to defend against many email-based threats. Growing awareness and understanding of email risks and the robust protection needed to stay safe will be key in keeping organizations and their employees protected in 2023 and beyond.”