As Many as 1 in 7 Emails Make it Past Your Email Filters

Trends in Business Email CompromiseFluctuations in consecutive quarterly reports demonstrates that organizations should be worried that their cyber defenses may not be strong enough to stop phishing attacks.

I wrote an article back in April of last year about how 1 in 8 emails make it to a user’s Inbox. That number has remained relatively consistent — so much that even the Threat Insights Report for Q1 2024 from HP Wolf Security shows that stat is still accurate.

But then there’s the Threat Insights Report for Q4 2023. In that report, the percentage of emails getting to the inbox past security solutions was just enough to update the stat to approximately 1 in 7.

I find that so significant, as it indicates that threat actors, phishing attack toolkit developers, and those using AI-based tools are improving their efforts faster than defenses can keep up.

And, yes, the stat went back to the equivalent of 1 in 8 last quarter, but the very fact that we saw 1 in 7 at all means that it’s all a matter of focus for the cybercriminal.

Lastly, don't take refuge in a “1 in 8 email” stat, which is pretty terrifying in its own right. Organizations should not simply rely on security solutions to stop attacks, but recognize that attacks will get to the endpoint where it’s up to users to step in and play a role in protecting the organization. This is something taught and reinforced through continual new-school security awareness training.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews