Latest Research Shows 87% Of Respondents Believe Natural Language Understanding Can Stop Targeted Email Attacks

ESG Research Finds Email Security in a State of Transformation as Organizations Struggle With Targeted Inbound Attacks and Accidental Data Loss

CUPERTINO, Calif. — February 25, 2020 — Enterprise Strategy Group (ESG), a leading research and advisory firm, conducted a research survey of 403 IT and security professionals with a focus on email security. Notably, the study found that 87% of respondents believe Natural Language Understanding (NLU) can play a critical role in stopping targeted email attacks.

Most respondents think that email security is in a state of transformation, with 50% looking to implement third-party email security controls to supplement their email providers’ native security capabilities. Survey results also highlighted that organizations were struggling with socially engineered email attacks such as impersonation, payroll fraud, and account takeover.

“Email, and by extension email security, are in a state of flux,” said Dave Gruber, Senior ESG Analyst and primary author of the report. “With the move to cloud-delivered email security and an expanding email threat landscape, many organizations are reconsidering their current email security controls.”

“Although Office 365 was the primary email provider of choice, our research found many organizations using multiple email providers including Exchange and G Suite,” said Gruber. “This underscores the need for third-party email security solutions that can provide consistent controls across multiple email providers.”

Targeted Email Attacks

While spear phishing remains a challenge, the report highlighted the rising threat of targeted email attacks; in these attacks, cybercriminals research their targets before impersonating trusted parties or taking over legitimate email accounts to induce actions that cause financial loss. When asked to assign risk priorities to email attacks:

  • 74 percent of respondents assigned high/medium risk to email spoofing and impersonation.
  • 71 percent of respondents assigned high/medium risk to Email Account Compromise (EAC).
  • 62 percent of respondents assigned high/medium risk to payroll fraud, payment fraud, and similar attacks.

“Cybercriminals today bank on our innate human instincts: we try and respond to people we know, and we try to do our work as quickly and efficiently as possible” said Dhananjay Sampath, CEO of Armorblox, an inbound and outbound email protection platform. “Today’s targeted email attacks weaponize these human instincts and trick us into sharing sensitive information or completing fraudulent payments. The ESG report shows that the impact of these attacks is being keenly felt by organizations. Email security providers need to rise up to this challenge with accurate threat detection that doesn’t bury security teams under a mountain of false positives.”

Email Security Requires Contextual Understanding

The impact of email attacks was felt in myriad ways including the accidental loss of sensitive data (32%), entry points for more sophisticated attacks (30%), and malicious transfer of funds (22%). Survey respondents were encouraged by the inclusion of NLU within email security controls. When asked about email attacks that NLU could help combat:

  • 36% of respondents cited business email compromise attacks
  • 33% of respondents cited email account compromise attacks
  • 28% of respondents cited executive impersonation attacks

“Email security is poised to move beyond simple pattern-matching and metadata-based detection,” said Sampath. “With most attacks hiding the ‘payload’ within the email content itself, security providers need to analyze context in addition to user identity and behavioral patterns to protect against targeted attacks.”

Armorblox will be at the 2020 RSA Conference, showcasing their email security platform at Booth 28 in the Early Stage Expo.


About Armorblox

Armorblox is a cloud-native and content-aware email security platform that protects against targeted attacks such as business email compromise, account takeover, and executive impersonation. Organizations use Armorblox to deploy pre-configured policy actions that block suspicious emails, automate abuse mailbox remediation, and prevent outbound data loss. For more information, visit