Email attacks continue to plague businesses of all sizes with 85% of Americas-based companies reporting an attempted email-based security threat over the past 12 months, according to a just released 2019 Email Security Trends report from Barracuda Networks. 

Not only do these security threats take a direct hit on the reputation of the IT team, almost half (48%) of all survey respondents claim a loss of employee productivity, 36% report downtime and business disruption, and 78% of companies report that the cost of email breaches is on the rise. 

Barracuda’s report includes responses from 660 executives, individual contributors and team managers in IT security roles in the Americas, EMEA and APAC. The survey respondents came from small, midsize and enterprise organizations in a range of vertical markets such as technology, financial services, education, health care, manufacturing, government, telecommunications, retail and others. 

While the self-reported responses to the current state of email security show serious weaknesses, the IT professionals said they’re more confident about email security today than a year ago. Questions were asked about phishing, insider threats and Office 365, as well as the business impact, security spending and cost of breaches. 

Phishing and ransomware were among respondents’ top concerns. The lion’s share (79%) of survey takers worry about attacks and breaches coming from within their companies. 

Focusing on phishing, 43% of overall respondents said that devices were infected with malware/viruses within the past 12 months; during the same time frame, 33% had stolen login credentials and/or account takeover; 27% suffered reputational damage; 20% reported direct monetary loss, such as money transferred; and 18 percent had sensitive or confidential data stolen. 

Among Office 365 users, most, or 90%, are concerned about security, with 86% of companies in agreement that third-party email security solutions are vital for a secure Office 365 environment. 

At the same time, 94% of organizations said that employees report suspicious emails to IT daily, with about 58% of those emails identified as not fraudulent.

“More than three-quarters of organizations say their employees aren’t good at spotting suspicious emails for a number of reasons,” the report reads.

Some of those reasons: Employees are nervous and overreport suspicious emails; employees are careless and don’t recognize obviously suspicious emails; and employees represent a mix of underreporters and overreporters. Twenty-one percent said employees do a great job of identifying suspicious emails and alerting IT only when necessary. 

So, what types of email security solutions are survey respondents investing in? 

More than 80% of respondents are shelling out money for virus and malware filters (88%). Eighty-five percent buy spam filters. Other areas of technology spending: email authentication – 68%; URL protection – 57%; computer-based security training – 55%; sandboxing – 29%; automated incident response – 25%; dedicated spear-phishing protection – 23%; and account takeover protection – 22%. 

Then there’s the cost of breaches – one-quarter of respondents report that attacks have cost their organizations $100,000 or more.