• by Ray Schultz , Columnist, February 28, 2024

Email security may not always be top of mind for marketing teams struggling to drive revenue. But it can affect them — and the entire organization.

And the problem is not going away, judging by Email Security Risk Report 2024, a study fromEgress. 

Of the companies polled, 94% were victimized by phishing attacks within their Microsoft 365 environments in the last 12 months. That’s up from 92% in the previous year.

The damage from such attacks like those are as follows:  

Financial loss from customer churn — 47% 

Reputational damage — 42% 

Financial loss from regulatory penalties — 34%

Lengthy remediation — 22%

Legal repercussions, including litigation — 14%

The top three attack types were:

• Malicious URLS 
• Attacks sent from compromised trusted third-party accounts
• Malware or ransomware 

The reason for the breaches? 

• Reckless behavior to "get the job done"
• Human error  
• Malicious exfiltration 

And while 76% enforce internal information barriers, 51% have had them breached. Meanwhile, 51% have fallen victim to phishing attacks sent from compromised supply chain accounts. 

Among cybersecurity leaders, 95% are stressed about email security, with these issues keeping them awake at night: 

• Deepfakes — 63%
• AI chatbots — 61%

Of the victims, 58% suffered an account takeover. 

Moreover, they have concerns about their traditional technology: 

• Secure email gateway — 91%
• Microsoft — 88% 
• Static data-loss prevention rules — 90%

Among the respondents, 91% are concerned about the effectiveness of their training.  

Egress surveyed 500 cybersecurity leaders, including CISOs and CIOs from the U.S., the U.K. and Australia, all of whom used Microsoft 365.