Security statistics and facts that prove email is the main vector of cyber threats
One of the main data that points to email as the main vector of threats and cyber attacks comes from the Verizon report (2019): 94% of security incidents with malware occur through the use of malicious e-mails.
In other words, of every 10 malware attacks, 9 of them happen via email. In practice, this means that the vast majority of ransomware attacks that paralyze people and businesses, and then charge ransom in cryptocurrencies, start with one malicious email.
Other data that prove email is the main channel used by hackers come from the FBI (2020): phishing is the scam with the largest number of cases reported annually, and BEC (Business Email Compromise) is the fraud that causes the biggest financial loss.
Email is widely used by cybercriminals because it’s cheap, easy to use, and has numerous points of vulnerability that can be exploited.
Below are more facts and security statistics that prove that email is one of the hackers’ favorite channels for committing fraud. Thus, not investing in email protection means being exposed to many risks.
Table of Contents
Email security statistics and facts
No company or person is immune from email attacks. This is a fact that should be taken into account when planning cybersecurity strategies or a consistent data and information protection program.
So, here are the reasons why every company should invest in email protection. First, check out some relevant data and statistics:
Email protection data and statistics
- Phishing incidents increased by 110%, from 114,702 incidents in 2019 to 241,324 incidents in 2020. (FBI, 2020)
- Business Email Compromise attacks caused losses of 1.8 billion in 2020. (FBI, 2020)
- One of the main vectors of ransomware is malicious phishing emails. (FBI, 2020)
- About 80% of the worldwide email traffic is spam. (Cisco, 2021)
- 91% of cyber attacks come from email. (PhishMe, 2017)
- Social engineering attacks, including phishing, are linked to about 22% of cases of breaches. (Verizon, 2020)
- Credentials and personal data are the types of data most compromised in phishing and social engineering breaches. (Verizon, 2020)
- 65% of cybercriminal groups use spear phishing as the primary vector of infection. (Europol, 2019)
- Phishing is involved in 78% of cyber espionage incidents. (Europol, 2019)
- 48% of malicious files used in email phishing scams are Office files. (Europol, 2019)
- Attacks using Office files increased by 67% in 2020, to about 1 in 4, while attacks using PDF decreased by 22%, to 1 in 10. (SonicWall, 2021)
- BEC’s top 5 email topics: Urgent, Request, Important, Payment, Attention. (Symantec, 2019)
- Phishing attacks grew by 250%. (Microsoft, 2018)
- 54% of IT and security leaders reported an increase in phishing attacks since the beginning of the COVID-19 pandemic. (Microsoft, 2019)
- The 10 most impersonated brands in email attacks: Microsoft, DHL, Linkedln, Amazon, Rakuten, IKEA, Google, Paypal, Chase e Yahoo. (Check Point, 2020)
- The 5 main sectors and industries attacked in phishing scams: financial institutions, SaaS and webmail, payment, social networks and ecommerce. (APGM, 2020)
Real examples of email attacks
If you still need more evidence and facts, we’ll present some real cases of email attacks.
Toyota Boshoku Corporation, an auto parts supplier, suffered an estimated loss of USD 37 million in 2019 due to a social engineering and BEC (Business Email Compromise) attack.
In a similar case, Sony Pictures was hacked in 2014 after company employees were duped by hackers who impersonated Apple. Thousands of confidential documents have been stolen.
Have you heard of the Emotet trojan? Emotet was defined as one of the most dangerous and destructive malware in the world by the US government in 2018. The main infection vector for this malware is malicious email.
To close our list of real cases, we could not forget about WannaCry, which is known as one of the worst ransomware attacks in history. The loss caused by WannaCry exceeds USD 4 billion. The threat vector is also malicious emails.
To check more examples, we recommend reading the following articles:
Email security investment
It only takes a click on an email to compromise a company’s entire operation with ransomware.
Likewise, a careless click is enough to access a malicious URL and provide credentials that will allow access to sensitive systems and data.
Due to this, over the years, email security solutions have become a necessity for companies of all sectors and sizes.
If you want to know more about the importance of investing in email protection, we recommend reading the following articles:
In conclusion, we hope that the statistics and security facts presented in this article help keep you informed and aware of the importance of protecting email. Especially because, as we have already pointed out, email is the main vector of attacks and threats on the internet.