• by Ray Schultz , Columnist, July 23, 2019

You may have your email marketing strategy in place. But can you say the same about your email security? 

Most companies are facing constant threats, judging by 2019 Email Security Benchmark Survey, a study by GreatHorn.

Of the respondents polled, 24.4% receive malicious email messages daily, and 25.4% receive them weekly. These include impersonations, wire transfer requests, W2 requests, payload attacks/malware, business services spoofing and attempts at credential theft. 

Add it up, and almost half the U.S. workforce sees a phishing attempt or social engineering email at least once per week, GreatHorn concludes.    

Even worse, 48.5% of white collar professionals see only spam in their inboxes, as do 16.4% of security professionals.

In addition, a third of the security pros see threats every day, and 27% see them at least once a week. 

Moreover, 22% of businesses have suffered a breach in the last quarter caused by malicious email.

In addition, simulated phishing click-rates fell by only 1% from 2017 to 2018 despite millions of dollars invested in security training programs and email technologies.

“Our latest research shows that employees -- particularly non-technical professionals -- overestimate the efficacy of their workplace’s email security strategy,” concludes GreatHorn CEO Kevin O’Brien.

O’Brien adds: “There is an alarming sense of complacency at enterprises at the same time that cybercriminals have increased the volume and sophistication of their email attacks.”

Meanwhile, 79.4% have serious issues with their security solutions. Yet 34.3% of security pros feel their tools are “good enough, despite glaring vulnerabilities." However, senior executives — technical decision makers, budget owners and CISOs — were dissatisfied, or worse.

To be specific:   

• 34.2% have challenges with remediation
• 26.6% say their current security solution doesn’t stop internal threats — e.g., if a user account is compromised.
• 21.2% have seen “payload-free attacks (e.g. impersonations, social engineering, etc.).” 
• 19.8% express fear that their solution “negatively impacts business operations (e.g. too many false positives).” 
• 18.9% report “missing payload attacks (e.g. malicious attachments and/or links).”  

GreatHorn surveyed 1,021 email security and white-collar professionals.