2022 Email Security Survey: A Look at Emerging Attacks, Tools, and Trends

In the past two years, the prevalence of email-borne cyber threats—which was already high—soared to unprecedented levels. According to data from the FBI, both business email compromise (BEC) and ransomware attack volumes swelled to record highs, as did the number of reported phishing attacks.

In response, security leaders are changing how they think about email security. We partnered with Aimpoint Group to survey 300 security leaders to discover what matters most to them when it comes to email security. Based on this survey, our latest 2022 Email Security Trends Report explores how email security strategy is changing, and how security leaders are changing their tactics to better protect their organizations.

Gartner estimates that 70% of organizations had already adopted a cloud-based email solution by late 2021, and our survey data shows that 93% of organizations already have a cloud-based solution or intend to implement one in the future. As enterprises shift to the cloud, many are experiencing a mismatch between their legacy security architecture and the needs of their cloud email environment.

Secure email gateways (SEGs), in particular, were engineered for an on-premises world rather than today’s cloud email ecosystem. And as threat actors shift their tactics toward social engineering, the inability of the SEG to stop modern attacks is becoming more apparent. In fact, 78% of survey respondents believe that secure email gateways are largely incapable of protecting modern cloud email environments.

Meanwhile, major cloud providers including Microsoft and Google have made considerable investments in improving the native capabilities of their offerings. Gartner predicts at least 40% of enterprises will use built-in capabilities from a cloud email provider in place of the secure email gateway by 2023.

That said, advanced features and controls are typically only available as an add-on or part of a higher-priced licensure tier from some vendors—and not at all from others. Further, these native security solutions tend to operate by blocking known threats, which means organizations that rely on these capabilities alone may remain vulnerable to never-before-detected threats or sophisticated social engineering and account compromise attacks. Similar to the ineffectiveness of the secure email gateway, 79% of stakeholders believe that native controls offer insufficient threat protection on their own.

So even as enterprises adopt more of cloud providers’ built-in email security capabilities, large numbers of email-borne attacks are still circumventing enterprise defenses. In fact, participants indicate that malware and ransomware are still the biggest concerns, closely followed by credential phishing and business email compromise. This reality makes it abundantly clear that it’s now essential to implement email security solutions that are more effective and efficient than those of the past.

It also requires security teams to shift their mindset, away from a rules-and-policies-based approach to preventing attacks, and toward a reliance on human and behavioral analysis. For many organizations, this will mean displacing the legacy SEG and turning to a combination of modern email security solutions that were designed for a cloud-first world.

Recognizing that new email security tools are now available to stop the attacks that bypass traditional solutions, Gartner coined the category of integrated cloud email security (ICES) in the 2021 Market Guide to Email Security.

ICES products are cloud-native solutions that analyze email content via API connectivity so that there’s no need to change the MX records. These platforms leverage technologies like natural language processing (NLP) and behavioral AI to detect and block the malicious emails that legacy solutions miss. And this survey shows that to combat tomorrow’s increasingly sophisticated cyber threats, enterprises will need this sort of innovation—either in addition to or in place of their current tools.

Survey respondents seem to be on the same page with 90% of all participants agreeing that a combination of native security capabilities within cloud email platforms and the implementation of an integrated cloud email security solution can replace the full functionality of a SEG.

With the number of impersonation-based attacks like BEC and attacks from compromised accounts still increasing, email security strategies must advance beyond the reactive blocking of known threats. These results show that security leaders are looking to innovative solutions that integrate via API and use artificial intelligence (AI) to baseline known good behavior and block malicious deviations.

There is little denying that ransomware attacks, business email compromise scams, and other advanced email-borne threats will persist. And because traditional tools cannot protect against these evolving threats, it’s essential to adopt a multi-layered approach—one that’s suited to modern IT ecosystems and architectures.

Security leaders recognize that they must also harness technologies like natural language processing and artificial intelligence to increase efficiency, all while centralizing visibility and control to stay ahead of evolving attacks. As this survey shows, organizations are already shifting to cloud email security to protect themselves, with ICES solutions front of mind.

To learn more about the challenges and opportunities that today’s enterprise email security teams face and how leaders are thinking about evolving their email security strategy for the future, download the full report.