Articles & Thought Leadership | 5 min read

Enterprise Strategy Group Report Highlights Persisting Weaknesses in Email Security Despite Maturity


Lauryn Cash
Lauryn Cash

Recent report released by Enterprise Strategy Group (ESG) highlights the persisting weaknesses in email security, with 38% of respondents viewing email as the most vulnerable channel to threat actors.

Enterprise Strategy Group Report Highlights Persisting Weaknesses in Email Security Despite Maturity

The recently released Armorblox and Enterprise Strategy Group (ESG) report provides an in-depth analysis of the current state of enterprise email security and the challenges that organizations face in securing their communications channels. The report highlights the critical need for organizations to adopt more robust and comprehensive email security measures to protect against today's advanced email threats, and underscores the importance of prioritizing sophisticated email security as a key component of a comprehensive cybersecurity strategy, particularly as remote work and digital transformation continue to shape the modern enterprise landscape.

Email Remains Channel Most Vulnerable to Threat Actors

When looking at the communication and collaboration mechanisms considered most vulnerable to threats, we see file sharing and cloud storage tools plus messaging in the top four. But by almost 4x, we see email taking the lead by a significant percentage. This vulnerability is likely due to the widespread use of email for both internal and external communications, as well as the sensitive information that may be exchanged through email.

Fig 1: Email considered most vulnerable threat compared to top 8 communication and collaboration mechanisms [source: Enterprise Strategy Group, a division of TechTarget, Inc. eBook, The Freedom to Communicate and Collaborate, April 2023.]

“While most organizations are leveraging six or more tools for communication and collaboration, email tops the list by a wide margin as the channel considered most vulnerable to threat actors.”
- Dave Gruber, Principal Analyst at Enterprise Strategy Group (ESG)

The significant gap between email and file sharing and cloud storage tools (coming in second place at 13%, emphasizes the high level of risk associated with email communication. To combat these risks and the vulnerabilities these collaboration tools present, organizations should look to augment native email security with API-based email security that provide strong email security measures to identify and prevent targeted, email-based attacks.

Other communication and collaboration tools listed: messaging, application-specific workflow communications, video conferencing, shared whiteboarding, shared project management, and shared calendar also pose a certain level of risk. It is best practice for organizations to implement security measures specific to each mechanism – multi-factor authentication, secure messaging and password protection tools, and access control for shared communication and project management tools.

The data gathered from Armorblox and ESG shed light on the importance of prioritizing email security, as it is considered the most vulnerable mechanism for communication and collaboration. It is crucial for organizations to adopt and implement API-based email security that mitigates the risks associated with legacy security tools to ensure the safety and protection of end users, the organization, and sensitive information.

The Gaps in Primary Email Fail to Provide the Necessary Protection to Combat Today’s Threats

The data gathered by Armorblox and ESG highlights the multitude of gaps that still persist in legacy and native email security solutions that many organizations rely on. As the data suggests, these solutions fail to provide the necessary protection to combat today's email attacks, which include both external and internal threats.

In a recent report, Armorblox found that a significant 56% of all email attacks bypassed legacy security filters, indicating the inadequacy of traditional security solutions to detect and prevent new and evolving email-based threats. Additionally, a startling 52% of all attacks involved sensitive user data, highlighting the severity of the consequences of email attacks.

Coupled with the data gathered by ESG, both parties are in agreement that primary email security solutions are ineffective in providing the necessary protection to combat today’s email attacks. The lack of protection, in turn, undermines the efficacy, compliance, and reliability of email communication, leading to potentially severe consequences for organizations.

Fig 2: Challenges experienced with current primary email security solution [source: Enterprise Strategy Group, a division of TechTarget, Inc. eBook, The Freedom to Communicate and Collaborate, April 2023.]

These findings point towards the need for organizations to reassess their email security measures and adopt more robust and comprehensive solutions that address the gaps in legacy and native security solutions. Such measures may include the use of GPT-powered email security solutions that can detect and prevent advanced email threats, including spear phishing, vendor fraud, internal threats and account compromise, and social engineering attacks.

Read the full analysis of the challenges that organizations face in securing their communication channels by downloading the full ESG report.

Download Report

Experience the Armorblox Difference

Get a Demo