Email-based attacks continue to evolve, and the cost to business is alarming.
The 2023 Email Security Trends Report by Barracuda – based on the calendar year 2022 and informed by 1350 participants from Australia, Europe, the US, and India – found that three-quarters of all organisations polled were impacted by a successful email attack.
Australian businesses were not far off that global figure, with 74% of 150 organisations polled falling victim to email attacks at least once.
A single email attack can cost an Australian business on average $1.4 million, a figure that a quarter of businesses say is a sharp increase from the year before. Globally, however, eight in 10 businesses reported that the cost of an attack had risen since 2021.
Email remains a powerful attack channel. It is an accessible, effective, and low-cost tool for cybercriminals to use. Email-based attacks also continue to evolve, harnessing artificial intelligence (AI) and advanced social engineering techniques for increasingly sophisticated and stealthy attacks.
“Email-based attacks can be the initial access point for a wide range of cyber threats, including ransomware, information stealers, spyware, crypto mining, other malware, and more,” said Don MacLennan, senior vice president at Barracuda.
“Email is a trusted and ubiquitous communications channel, and that makes it an attractive target for cybercriminals. We expect email-based attacks to become increasingly sophisticated, leveraging AI and advanced social engineering in their attempts to get the data or access they want and evade security measures.”
But the costs go far beyond the financial. More than 40% of Australian businesses reported disruptions to their day-to-day operations and a drop in productivity from employees, while 37% felt the breaches caused damage to brands and reputations.
The effects of email attacks also varied between industries. Companies in the financial sector were more affected by the loss of data and money, for instance, while those in healthcare cited the high cost of recovering from an attack.
“Alarmingly, around a third of companies in Australia feel they are not prepared to handle malware or data loss, and many companies feel that the rise in working from home during and since the pandemic has increased the risks associated with email attacks,” the report said.
“Companies with more than half their workforce working remotely were found to be more likely to be attacked.”
Smaller companies were also more likely to be affected by the loss of sensitive or critical data, followed by brand reputation damage. For mid-size and larger organisations surveyed, the most common impacts were downtime/business disruption and loss of employee productivity.
The report revealed that most organisations surveyed (97%) feel they are not fully prepared to deal with top security threats. About a third (34%) feel poorly prepared to deal with data loss or malware, and over a quarter (27%) say the same about ransomware. In fact, 28% feel they are not even prepared to deal with less-complex threats such as spam.
Growing awareness and understanding of email risks and the need for robust protection is a positive starting point for email security in 2023.
“It is not surprising that businesses around the world don’t feel fully prepared to defend against many email-based threats,” Mr MacLennan said.
“Growing awareness and understanding of email risks and the robust protection needed to stay safe will be key in keeping organisations and their employees protected in 2023 and beyond.”