There are a few companies that frequently report on so-called "email security gap analysis" numbers: Mimecast, Proofpoint and Cyren. They are all IT security companies that have email filtering products, and mostly the reports they publish are about competing filtering products. They want to show these numbers are high, suggesting that their own products are better.
KnowBe4 has been reporting on these gap analyses, because they show that there's much more unwanted traffic landing in your users' inboxes than you'd like. For instance, Mimecast in December 2018 claimed the gap—meaning spam, phishing and malware making it through—was 12 percent. On December 14, Cyren claimed the miss rate was 10.5%, and earlier in 2018, Cyren showed it was a whopping 15%.
Turns out that these numbers vary over different time periods, which of course could very well coincide with major spam campaigns starting and ending.
Cyren came out with a new report in Jan 2019 summarizing a 2-year Email Security Gap Analysis study. Through its program, Cyren engaged with a diverse set of organizations to assess the effectiveness of their current, live email security infrastructures. This report summarizes the results from a cross-section of 15 such engagements conducted in 2018, in which Cyren examined 2.7 million emails that were classified as clean by the organizations' existing email security systems and delivered to user mailboxes. Every email was also copied to Cyren for analysis.
Companies included in the tests were from a variety of industries and used several different types of email security, ranging from on-premises appliance gateway solutions to hosted email, such as Office 365 or G-Suite. The percentages discussed in this report are therefore averages which serve as a reference.
As discussed further below, Gap Analysis results can vary significantly, even between companies using the same security solution.
Of the 2.7 million emails analyzed by Cyren, 2.48 million (92.8%) were found to be correctly classified as “clean” or legitimate. For the purposes of the assessments, emails classified as graymail, such as newsletters, were considered clean, since their categorization is subjective.
7.2% Miss Rate Breakdown
Of this total, 191,819 (7.2%) were found to be spam or malicious messages that were missed by the deployed solutions, also called “false negatives,” and should not have been delivered to user mailboxes. This 7.2% “miss rate” broke down into spam, phishing and malware. Here is the infographic:
Whatever the miss rate is, be it 7%, 10.5%, or 15%... it is way too much. The problem is that spam filters are by definition on the defense, and need to be right 100% of the time. We all know that is impossible. That is why you need to create a strong human firewall that is your last line of defense. Here is the full Cyren report in PDF format.
PS: I'm super excited about the new PhishER release. If you are responsible for investigating suspicious emails reported by your users, check out this brand-new KnowBe4 product that helps you prioritize and manage potentially malicious messages. You can identify and respond to email threats fast and it is a huge time-saver. Scroll down and see the live threat map that shows employees reporting suspicious emails with the free Phish Alert Button: