Email attacks are surging, hitting businesses hard and exposing a severe paradox: email is both indispensable and dangerously vulnerable. As digital communications fuel daily operations—from sales to financial transactions—organizations can’t just cut back on email to curb security risks. Financial fraud, the most common email-based attack, continues to skyrocket, leaving companies of all sizes scrambling for effective defenses. Simply restricting email isn’t feasible; companies must find ways to secure it.
In 2019, Japan’s Toyota Boshoku Corporation was hit with a $37 million BEC (business email compromise) attack. Though $37 million is a staggering amount, the company’s size and reach meant the fraud went undetected initially. Hackers persuaded an employee to transfer the sum from a European subsidiary before anyone noticed. This was the third BEC attack Toyota faced that year, leading critics to question if the company should have been more vigilant. As Toyota learned the hard way, BEC attacks often come in waves—one successful breach often paves the way for more, leading to losses in money, intellectual property, data, and sometimes even employee identities.
Email and financial fraud cybersecurity is the focus of InsurSec provider At-Bay’s new report, 2024 InsurSec Rankings Report – Email Security and Financial Fraud. The report, based on claims data from 2021 through mid-2024, offers an in-depth look at email-related cyber threats impacting businesses, ranks the effectiveness of top email platforms, and identifies the sectors and business types most vulnerable to attacks. The findings highlight the surge in email crimes and reveal which email solutions and security measures offer the best protection.
You can read the key takeaways below and get the whole report here.
Email Security Threats Rise: Financial Fraud Dominates
Overview of Rising Email-Based Threats
Email remains the primary vector for cyberattacks, according to At-Bay’s newly released 2024 InsurSec Rankings Report on email security and financial fraud. The report, analyzing claims data from 2021 through mid-2024, shows a nearly 25% increase in email incident frequency in 2023, with financial fraud making up over 60% of these claims. This increase is particularly alarming for businesses across industries and revenue sizes, underscoring the critical need for effective email security solutions.
Email Attacks on the Rise: Frequency by Business Size and Sector
At-Bay’s data reveals a steady climb in email-related incidents from 2021 to 2023, with a slight dip in early 2024. Larger companies, particularly those with revenues exceeding $100 million, have been disproportionately targeted, experiencing nearly three times the claim frequency of smaller firms. This is likely due to higher transaction volumes, more vendor relationships, and the potential for high-stakes payouts.
Across industries, manufacturing, finance, and law firms saw the highest rates of email-related attacks. Due to their high-value transactions and often outdated security systems, manufacturing companies were the top targets, followed by finance and law firms. Technology companies, by contrast, recorded the lowest frequency of email incidents, reflecting the sector’s relatively robust security practices.
Financial Fraud Dominates Email Crimes
Financial fraud is by far the most prevalent email-based crime, accounting for nearly three-quarters of email claims in the first half of 2024. A typical financial fraud case involved $219,000 in stolen funds, with some incidents reaching losses of over $5 million. Real estate, finance, and construction sectors recorded the highest average losses, making them lucrative targets for fraudsters. Remarkably, 75% of these fraud cases involved an existing vendor or partner, complicating detection efforts and underscoring the sophistication of attackers.
Email Solutions: Winners and Losers in Risk Mitigation
The 2024 rankings show significant differences in the effectiveness of email platforms. Google Workspace and Mimecast topped the list for risk mitigation. Organizations using Google Workspace reported 54% fewer incidents than the industry average, a marked improvement from the previous report. Conversely, Microsoft 365 users saw a claims frequency 45% above average, indicating a widening gap in security outcomes between the two platforms.
Mimecast led among email security solutions, with clients experiencing 37% fewer incidents than the average. Proofpoint was a close second but saw only an 11% reduction in incident frequency. Solutions like Barracuda and Sophos, however, fared poorly, with users experiencing higher-than-average claim rates.
Common Security Vulnerabilities: MX Record Misconfigurations
Misconfigured MX (Mail Exchange) records, affecting 7% of email-related claims, emerged as a major vulnerability in At-Bay’s report. Misconfigurations can allow threat actors to bypass email security solutions, directly exposing organizations to malicious emails. Barracuda and Proofpoint clients had the highest misconfiguration rates, with nearly 12% of companies affected. While currently unexploited at scale, these vulnerabilities could easily become significant attack vectors.
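One way to check for this kind of misconfiguration, as an added example that is not taken from At-Bay's report: the script assumes the misconfiguration takes the form of an MX record that points at a host outside the email security gateway, and flags every such record. The domain names and the gateway suffix `mailfilter.example.net` are constructed placeholders.

```python
# Added example: flag MX records that do not point at the filtering gateway.
# All hostnames are constructed placeholders, not real vendor names.

def _norm(host):
    """Lower-case a DNS name and drop the trailing root dot."""
    return host.strip().lower().rstrip(".")

def parse_mx(lines):
    """Parse zone-file / dig-answer style lines into sorted (preference, host) pairs."""
    records = []
    for line in lines:
        fields = line.split(";", 1)[0].split()   # drop zone-file comments
        types = [f.upper() for f in fields]
        if "MX" not in types:
            continue
        i = types.index("MX")                    # preference and exchange follow the type
        if len(fields) < i + 3 or not fields[i + 1].isdigit():
            continue                             # malformed record, skip it
        records.append((int(fields[i + 1]), _norm(fields[i + 2])))
    return sorted(records)

def under_gateway(host, gateway_suffixes):
    """True if host is a gateway suffix or a subdomain of one (whole-label match)."""
    return any(host == s or host.endswith("." + s)
               for s in map(_norm, gateway_suffixes))

def audit_mx(lines, gateway_suffixes):
    """Return (preference, host) for every MX that accepts mail outside the gateway."""
    findings = []
    for pref, host in parse_mx(lines):
        if host == "":
            continue  # null MX ("0 ."): domain accepts no mail, nothing to bypass
        # Preference only orders delivery attempts; any listed MX can receive mail.
        if not under_gateway(host, gateway_suffixes):
            findings.append((pref, host))
    return findings

# Constructed sample records for a hypothetical domain.
SAMPLE = [
    "example.com. 3600 IN MX 10 mx1.mailfilter.example.net.",
    "example.com. 3600 IN MX 10 MX2.MailFilter.Example.NET.",
    "example.com. 3600 IN MX 20 mx1.notmailfilter.example.net.  ; look-alike suffix",
    "example.com. 3600 IN MX 50 mail.example.com.  ; legacy direct-to-server record",
]

if __name__ == "__main__":
    for pref, host in audit_mx(SAMPLE, ["mailfilter.example.net"]):
        print(f"MX {pref} {host} is outside the gateway")
```
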
The Anatomy of Modern Financial Fraud
Email fraud, particularly business email compromise (BEC), poses severe risks due to its sophistication. The report highlights that BEC tactics often involve threat actors hacking into a victim’s email, researching the company and its vendors, and then intercepting or redirecting high-value transactions. In 64% of these cases, threat actors impersonate a third party, making fraud detection challenging. Only about 10% of incidents involve unknown vendors, making it clear that attackers frequently target known business relationships.
Fraud Beyond Cash: Stolen Goods
At-Bay’s analysis also revealed that financial fraud isn’t limited to stolen funds. In 4.5% of cases, fraudsters successfully redirected goods to fraudulent addresses. Items such as beauty products, paper towels, and Christmas decorations were delivered to threat actors without payment. This evolving tactic demonstrates the need for businesses to apply stringent verification measures not only for monetary transactions but also for high-value goods transfers.
Recommendations for Businesses
At-Bay’s report suggests that choosing secure email platforms, such as Google Workspace, and using effective security solutions like Mimecast or Proofpoint can significantly reduce email-based risks. Regular reviews of vendor relationships, stringent verification protocols, and proper email configuration are essential.
To mitigate financial losses, companies should consider cyber insurance that covers financial fraud and facilitates fund recovery. From 2023 through mid-2024, At-Bay helped its clients recover over $61 million in stolen funds, highlighting the importance of a rapid response in managing financial fraud.
Conclusion: Addressing Email Risks Through Data-Driven Insights
At-Bay’s 2024 InsurSec Rankings Report underscores that email security is crucial in defending against today’s cyber threats. As businesses increasingly rely on email for daily operations, selecting secure platforms and robust security solutions is essential. The report’s insights empower businesses to make informed decisions, reduce cyber risks, and protect their bottom line in an evolving threat landscape.