Cost of an email-borne security attack can on average exceed US$1 Million, says Barracuda Networks’ research

India: Barracuda Networks, Inc., a trusted partner and leading provider of cloud-first security solutions, today published its 2023 Email Security Trends report that shows how email-based security attacks affect organizations around the world. 82% of the Indian organizations surveyed for the report had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average potential costs of more than US$1 million for their most expensive attack. 36% said that the cost of email-based attacks has risen dramatically over the last year.

The survey, conducted by independent research firm Vanson Bourne and commissioned by Barracuda, questioned IT professionals from frontline to the most senior roles in companies with 100 to 2,500 employees, across a range of industries in the U.S. and EMEA and APAC countries including India.

Research finds that organizations based in India are among the most likely to be hit with a successful email attack. Organizations in the country also reported the highest average percentage of remote workers (54%), which could be a contributing factor as to why businesses in India are suffering more from email-based security attacks with remote working is often seen as less secure.

The fallout from an email security attack can be significant. The most widely reported in India were brand and company reputation damage (49%), hurt the reputation of the IT team (48%), and downtime and business disruption (43%). India is also the most likely to report that the costs of email attacks increased dramatically in the past 12 months, with expenses exceeding US$1.3 million on average for the costliest attack.

While the India-based organizations surveyed have invested a lot in improving their email security, with 32% have increased their spending in the past 12 months, Indian organizations also feel underprepared to deal with email account takeover (45%) — a very valid concern given the larger than average remote workforce in India — closely followed by viruses and malware (38%), data loss (35%), and business email compromise (35%).

There were notable differences between industries across the globe. For example, financial services organizations were particularly affected by the loss of valuable data and money to attackers (cited by 59% and 51% of victims, respectively), while in manufacturing the top impact was the disruption of business operations (53%). For healthcare institutions the recovery costs involved in getting systems up and running again quickly were the most significant (44%). Regardless of size or industry, however, organizations with more than half their employees working remotely faced higher levels of risk and recovery costs.

“Email is a trusted and ubiquitous communications channel, and that makes it an attractive target for cybercriminals. We expect email-based attacks to become increasingly sophisticated, leveraging AI and advanced social engineering in their attempts to get the data or access they want and evade security measures,” said Parag Khurana, Country Manager, Barracuda Networks India . “Email-based attacks can be the initial access point for a wide range of cyberthreats, including ransomware, information stealers, spyware, crypto mining, other malware, and more. It is not surprising that IT teams around the world don’t feel fully prepared to defend against many email-based threats. Growing awareness and understanding of email risks and the robust protection needed to stay safe will be key in keeping organizations and their employees protected in 2023 and beyond.”