A recent global survey may hold clues, indicating links between prolonged delays in email breach response and increased ransomware incident likelihood.

Based on a survey conducted in April and May 2025 involving 2,000* senior IT and security decision-makers globally on the incidence, impact, and response challenges of email security breaches (including 600 from the Asia-Pacific region [APAC]) — the cybersecurity that that commissioned it has shared findings with the media.

First, 77% of surveyed APAC organizations had indicated experiencing an email security breach in the past 12 months. The average self-reported cost to recover from a single breach in APAC was US$224,094.

Second, 97% of respondents representing APAC indicated that their organizations had suffered impacts from such breaches, with 40% citing damage to brand or company reputation and another 40% reporting operational disruptions such as downtime.

Other findings

Third, 46% of APAC respondents had cited advanced evasion techniques used by attackers as the biggest obstacle to rapid breach detection. Also:

  • 47% indicated a lack of automated incident response tools as a key challenge in responding quickly to email breaches
  • 40% flagged a shortage of skilled security staff as limiting their response capabilities
  • Organizations taking longer than nine hours to address an email breach showed a significantly higher probability of ransomware infection

According to Mark Lukie, Director of Solutions Architects (APAC), Barracuda Networks, the firm that commissioned the survey: “Many businesses still underestimate how quickly an email breach can escalate into a much larger incident, such as ransomware… Building cyber resilience means investing not just in technology, but also in visibility, training, and coordinated response capabilities that allow teams to act fast when it matters most.”

*600 respondents were from APAC (country list not supplied), and 1,400 from 12 countries: the US (400), the UK (200), France (200), DACH (200 from Germany, Austria, Switzerland), Benelux (200 from Belgium, the Netherlands, Luxembourg), Nordics (200 from Denmark, Finland, Norway, Sweden), Australia (200), India (200), and Japan (200).