Email remains a popular way for businesses to stay in touch, but not all emails are created equal. Graymail not only creates gratuitous work for security teams, but also forces end users to walk a fine line between accurately identifying legitimate communications versus malicious recon emails disguised as graymail. Armorblox presents the top five statistics that every enterprise should know about graymail and how to protect end users.
Email remains a popular way for businesses to stay in touch, and as organizations grow, their communication needs grow with them. Unfortunately, not all emails are created equal, and many organizations find themselves inundated with unwanted or irrelevant messages, also known as graymail. These email communications not only create gratuitous work for security teams, but also force end users to walk a fine line between accurately identifying legitimate communications versus malicious recon emails disguised as graymail.
Below, Armorblox presents the top five statistics that every enterprise should know about graymail:
- For organizations that rely on native spam filtering to catch annoying or malicious graymail communications, as much as 56% of these email communications bypass native filters.
- The average employee receives 33% of all graymail communications related to Events (webinars, conferences, attendee lists) and 21% Marketing & Promotional (digests, newsletters).
- Security teams at large enterprises can find themselves spending up to 30 hours each week manually reviewing graymail.
- Employees at large enterprises received 48% of all graymail communications sent in the first half of 2022.
- The average employee at a medium-sized business is still bombarded with graymail communications, receiving only 15% fewer graymail emails than employees at large enterprises.
56% of Graymail Emails Bypass Native Filters
For organizations that rely on native email security filters to catch unwanted email, this statistic is a cause for concern. It means that more than half of the graymail emails are still making it to users' inboxes, creating a significant productivity drain. With more than half of graymail bypassing legacy filters, it's essential for enterprises to consider augmenting these native security measures with API-based email security solutions that utilize large language models, such as GPT, to provide precise protection against today’s emerging email threats and accurately detect legitimate and malicious graymail communications.
33% of Graymail Emails Are Related to Events
Graymail emails related to events, such as webinars or conferences, make up a significant portion of the average employee's inbox, and can take up a significant amount of an employee's time. With so many of these emails vying for attention, it's easy for employees to get bogged down in the noise and miss critical communications. Unfortunately, native email security solutions are often ineffective at identifying, classifying, and filtering out these types of graymail, leaving employees vulnerable to a barrage of unwanted messages. This year, organizations should prioritize a comprehensive email security solution that can accurately identify and filter out these types of graymail, reducing the time and productivity drain on employees.
Security Teams Can Spend up to 30 Hours a Week Manually Reviewing Graymail
Manual graymail review can take up a considerable amount of time for security teams, particularly at large enterprises (more than 10,000 employees). This gratuitous work not only wastes valuable time that security teams could spend on proactive security projects, but also creates an eye sore when hunting and investigating email attacks. Investing in automated email security solutions is critical for security teams to prioritize in 2023, not only to help reduce the time spent on manual review, but to also free up security personnel to focus on critical tasks.
Large Enterprises Receive Almost Half of All Graymail Communications
Large enterprises are prime targets for graymail communications, with employees receiving almost half of all graymail messages in 2022. It's important for organizations of all sizes to take steps to reduce the amount of graymail that land in end users’ inboxes, with an email security solution that automatically identifies and classifies graymail communications – ensuring essential communications and business workflows don't go overlooked or get lost in the shuffle.
Medium-Sized Businesses Receive Only Slightly Fewer Graymail Emails Than Large Enterprises
While large enterprises receive the lion's share of graymail communications, medium-sized businesses are not immune (1,000 - 5,500 employees). In fact, the average employee at a medium-sized business still receives only 15% fewer graymail emails than their larger enterprise counterparts. This sheds light on the importance of implementing effective email security measures and solutions at every level of an organization.
Graymail can be a significant productivity drain for enterprises of all sizes, and, even if not malicious, is a nuisance to both end users and security teams. This is especially true for executives within an organization who receive a disproportionate share of these unwanted emails. One of the biggest challenges with manually reviewing graymail is the high volume of email communications coming into the organization as well as being reported by end users. This is a time wasting result (relying on manual sorting and deletion across the organization).
Armorblox precisely detects and automatically remediates annoying graymail and malicious recon emails to give productivity back to your security teams. Learn more about graymail and other attack trends from the Armorblox Research Team by downloading a copy of our 2023 Email Security Market Report.