Email Security Research Report: Top Insights & Recommendations
We analyzed our claims data to rank email solutions and email security solutions based on their cyber incident frequencies
Not all email solutions and email security solutions are equally effective at preventing cyber incidents.
The security of an organization’s email infrastructure is a significant determinant of overall risk, yet organizations lack clear data and straightforward information about which investments will keep them most secure.
At-Bay’s mission is to bring clarity to cybersecurity and empower businesses to embrace technology with confidence. To this end, we leveraged our claims data to rank the email solutions and email security solutions with the highest to lowest frequencies of cyber incidents among At-Bay policyholders.
Below are some of our top findings:
In the second half of 2022, 41% of At-Bay’s insurance claims originated from a malicious email1.
This clear and present threat is why we continue to encourage our policyholders to adopt empirically provable leading practices to improve the security of their email. These include: adopting a cloud-based email solution, implementing strong email security configuration settings (i.e., strengthening default settings), and — for more complex IT environments — adding layered protection like a secure email gateway.
Additionally, we believe that our research findings on the security controls in use at the time when incidents occurred offer a clear idea of which email solutions and email security solutions deliver the greatest risk reduction, and these findings are applicable whether you’re an At-Bay customer or not.
Here are three key takeaways every organization should consider:
- At-Bay recommends transitioning to a cloud-based email solution as soon as possible and certainly before current in-use solutions reach end-of-life status. While there are costs associated with migrating to the cloud (i.e., financial and temporary productivity losses), those costs are dwarfed by the value of the risk reduction gained from the change.
- Organizations should seriously consider implementing a market-leading email security solution. While most of the email security solutions in our dataset were correlated with some reduction in risk for email-related incidents, organizations using the top performer, Mimecast, experienced far fewer email security incidents than the least-effective email security solution we analyzed.
- For organizations looking for the best out-of-box email solution for security, Google is the top performer with 40% fewer incidents. For those who opt for Microsoft 365, we recommend an add-on email security solution. Based on our data and expertise, Microsoft’s Defender (the product that provides security for email, not the product that provides endpoint protection) or a top-performing email security solution like Mimecast are the best options.
Improving email security can be a “quick win” for organizations looking to strengthen their security posture.
At-Bay’s estimated frequency of incidents experienced by organizations with various email providers and email security solutions could be used as decision support for organizations that are considering changing their email environments or investing in an add-on security solution.
About The Author
Adam Tyra is a technology professional with over 18 years of experience in security and deep expertise in cybersecurity operations. He currently serves as At-Bay’s General Manager of Security Services.
Prior to joining At-Bay, Adam was a security leader at Kivu Consulting, TalonX, McKinsey & Company, and EY. Before becoming a consultant, he worked as a software developer, architecting and implementing cybersecurity tools for the U.S. defense and intelligence communities. Adam also served as a cybersecurity officer in the U.S. Army.
1. Source: At-Bay claims data 2022
The information is provided for informational purposes only and no warranty is given or liability accepted regarding this information.