Report: Orgs spend 3,850 hours annually cleaning up email-based cyberattacks

We’re excited to bring Transform 2022 back to life on July 19th and virtually July 20-28. Join AI and data leaders for sensible conversations and exciting networking opportunities. Register today!


Security managers are most concerned about the time it takes to respond to and eliminate email threats. According to a new report from Siren and Osterman Research, organizations are spending an average of 3,850 hours each year clearing compromises caused by email attacks. This figure does not include the time spent investigating suspicious messages and removing confirmed threats from the mailbox to avoid additional compromises.

Studies confirm that, despite investing in secure email gateways and user safety awareness training, bad artists continue to use social engineering email to breach the defenses of organizations. The resulting attack requires 175 hours to resolve each breach, and the most common type of breach is a tampered Office 365 login credentials (account takeover).

However, this effort does not include the time spent investigating suspicious message alerts submitted by users and trying to remove confirmed threats from the mailbox before the distracted user falls into the scam. The inability to prevent scams, tampering with business email and ransomware via email, and ensuring time and effort to investigate and respond to threats is a top concern for IT and cybersecurity leaders.

This bar chart shows the average annual number of breaches caused by email attacks.  89% reported email breaches they experienced in the previous 12 months, while 11% chose not to disclose.
This chart shows the average annual number of breaches caused by email attacks.

Most surprisingly, despite the large number of cyber security staff per 1,000 email users (17 in 2022 compared to 2 in 2019), the number of email breaches has increased compared to previous Osterman Research surveys.

The report includes responses to organizations’ protection and response to threats and compromises caused by malicious email delivered to Microsoft 365 users. Osterman Research surveyed 226 organizations during February 2022 using a combination of online and telephone surveys. Respondents represent organizations with an average of 3,862 employees in all industries in the United States and the United Kingdom.

Read the full report by Siren and Osterman Research.

Venturebeat’s mission Transformative Enterprise is about to become a digital town square for technology decision makers to gain knowledge about technology and transactions. Learn more about membership.

Similar Posts

Leave a Reply

Your email address will not be published.