Almost Half of Businesses Are Making a Big Email Security Mistake 

November 17, 2022
a white envelope and a black closed paslock appear against a bright bue background with sadows of other envelopes representing email security

MSPs have faced myriad challenges in keeping businesses safe from cybercrime in an increasingly dangerous and volatile threat landscape. The pace of threats businesses face has escalated as well, creating new stress for IT teams at a time when they’re shorthanded. For the Kaseya Security Insights Report 2022, we surveyed more than 600 IT professionals around the world from businesses of all sizes and types to see what we could learn about their top concerns, their biggest security pitfalls and what they’re doing to keep their organizations secure. Unfortunately, using strong email security isn’t one of those things, opening those businesses up to trouble.  


Excerpted in part from the Kaseya Security Insights Report 2022. DOWNLOAD YOUR COPY>> 


52% of orgs rely on built-in email security in Microsoft 365 or Google Workspace  


Due to a steady and continuous rise in phishing and phishing-related cyberattacks, email security has never been more important for businesses than it is now. The wide array of email security choices and configurations for organizations to consider include AI-driven solutions, built-in security and SEGs. Just over half of our survey respondents said that they rely on the built-in security in Microsoft 365 or Google Workspace for their email security. Unfortunately, those old-fashioned solutions just don’t have what it takes to spot and stop today’s threats like sophisticated spear phishing messages. Security tools like Microsoft 365’s built-in security and the five leading secure email gateways (SEGs) miss up to 65% of targeted spear phishing messages.

Our survey shows that many companies aren’t investing in email security, and that’s a big mistake. The phishing rate has never been higher, and those malicious messages are carrying devastating threats like ransomware that can cripple an organization. In a time of escalating email security threats, many companies could stand to gain by upgrading their email security. Just over a third of respondents said that their company uses a SEG. Automated, AI-powered email security catches more threats than built-in security or a SEG and can be added to their current setup effortlessly. What’s especially shocking here is that 7% of respondents said that their company doesn’t use an email security solution at all — a dangerous proposition.  

What type of email security solution do you use? 

Solution Responses  
We use built-in security with Microsoft 365 or Google Workspace 52%  
We use a SEG  35%  
We do not use an email security solution  7%  
We use a type of email security that is not listed  6% 

Source: Kaseya


See the state of email security in 2022 and the threats that should be on your radar in 2023. GET EBOOK>>


23% of respondents said their companies use a combination of built-in Microsoft 365 and AI email security  


Companies are not adopting new technologies as quickly as they should, leaving quickly fixed security holes for cybercriminals to exploit in easy reach. Even though AI-based API email security solutions offer major advantages and cost savings over other types of email security, most businesses are still using last-gen technologies like secure email gateways (SEGs) or built-in platform security. With the volume of email security threats that companies face every day increasing, that’s not a smart move. Old technology can’t handle today’s threats.  

As phishing risk steadily rises and email security challenges proliferate, many companies are making the choice to double up on email security. That’s a smart move. A quality API email solution will seamlessly integrate with Microsoft 365 or Google Workspace. Half of our survey respondents said that their company uses more than one email security solution, opting for a combination of Microsoft 365 and either an SEG (26%) or an AI-based email security solution (24%). Another 40% have elected to use only one solution for all of their email security needs. Interestingly, just over 5% of survey respondents said that their company uses a SEG paired with an AI-based security solution instead of relying on built-in security for any of their email security needs.  

Do you use more than one email security solution to protect your organization from phishing and other email-borne attacks?  

 Responses  
Microsoft 365 + SEG    26 %  
Microsoft 365 + AI-based security  24%  
SEG + AI-based security  6%  
We use only one solution  40%  
Other combination  4%  

Source: Kaseya


Get the guide that helps you detect & defeat dangerous BEC attacks to keep your company out of trouble! DOWNLOAD IT>>


35% of survey respondents said phishing awareness is their company’s top training priority   


Phishing is the cyberattack that businesses and their employees see the most, and as we reported last week, it’s the cyberattack that businesses fear the most too. That’s why phishing awareness is the No. 1 training priority for one-third of survey respondents. Employees are notoriously bad at spotting sophisticated phishing threats – 97% of workers cannot identify sophisticated phishing messages. It’s true that studies show that regular training significantly improves an employee’s ability to identify and handle security threats like phishing. Training is a powerful weapon across the board for businesses to employ in the war against cybercrime. But that won’t solve a company’s phishing problems. Only smart email security that keeps phishing messages away from employees can do that.

Organizations conducting security awareness training are looking at a wide array of subjects to cover, from good security hygiene to spotting cyberattacks, but phishing dominates the conversation. More than half of our survey respondents cited phishing as their primary security concern. They’re structuring their training programs to reflect that, with about one-third of survey respondents saying that their organization prioritizes phishing awareness training. Data privacy and protection is the second most popular training theme, with just under one-quarter (24%) of respondents making it a training priority. Security best practices are the third most popular training topic, beating out compliance and other security subjects. 

What are the most important training topics for your organization

Training Topic Responses 
Phishing awareness    35%   
Data privacy & protection    24%   
Security best practices (e.g., password protection)   23%   
Compliance    14%   
Other    3%   

Source: Kaseya


Learn how incident response planning boosts cyber resilience & security. GET THE EBOOK>>


Graphus Catches Threats Other Security Misses 


Graphus’ AI-powered email security is a powerful defense against today’s most spine-chilling email-based threats. Compared to built-in email protection or an SEG, automated, API-based email security solutions like Graphus prevent 40% more spear phishing messages from reaching an employee’s inbox. Here’s how:       

  • TrustGraph is a powerful shield between employee inboxes and malicious messages. This proprietary technology uses more than 50 distinct data points to discover sophisticated phishing messages, even zero-day attacks.        
  • EmployeeShield displays a bright, prominent box on suspicious messages, reminding them to be cautious. Employees can designate a message as genuine or malicious with a single click.        
  • Phish911 makes it simple for employees to report any message that they don’t think is safe. When an employee reports a potentially malicious email, the message is immediately removed from everyone’s inboxes.         
  • Simple deployment and effortless integration via API with Microsoft 365 and Google Workspace.    
  • Half the price of the competition.    

Learn more about Graphus


Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus