Email Security
We've curated 92 cybersecurity statistics about Email security to help you understand how phishing attacks, malware, and advanced authentication practices are evolving in 2025, ensuring your communications remain safe from emerging threats.
Showing 41-60 of 92 results
76% of initial infection URLs in abalyzed phishing attacks were unique and have not appeared in other campaigns across Cofense's customer base.
Conversational attacks comprise 18% of all malicious emails.
Stolen login credentials led to the most damaging email-related healthcare breaches in 2025, exposing more than 630,000 patient records.
Impersonation made up 82% of all BEC incidents in Q4 2025.
In 2025, a malicious email attack occurs every 19 seconds, more than doubling from 2024’s pace of one every 42 seconds.
Diversion tactics (fraudulent invoices, fake payroll requests) accounted for 18% of BEC incidents in Q4 2025.
In Q4 2025, Business Email Compromise accounted for 51% of all email fraud cases.
In Q4 2025, callback phishing increased from 3% to 18% of all phishing incidents, a 500% spike.
In Q4 2025, CEOs and senior executives accounted for 50% of impersonation-based BEC emails and 41% of total BEC incidents.
Less than one-fifth of total healthcare email incidents involved identity abuse via stolen credentials, yet these remained the most damaging type of attack.
Approximately 17% of healthcare email breaches were the result of phishing-driven mailbox takeovers.
DocuSign accounted for more than 20% of all advanced email attacks analyzed.
77% of advanced email attacks impersonated business-critical brands such as DocuSign, Microsoft, and Google.
100% of advanced email threats bypassed incumbent email security, including Microsoft E3/E5 and leading secure email gateways.
77% of advanced email attacks failed SPF, DKIM, or DMARC authentication yet still reached inboxes.
Approximately 3 million email addresses in the healthcare sector may be at risk of exposure to cyberattacks due to unverified email delivery practices.
Approximately 4.5% of outbound healthcare email connections were delivered to servers with expired or self-signed certificates.
Approximately 45% of advanced email attacks showed indicators of AI assistance, projected to rise to 75–95% within the next 18 months
68.8% of healthcare organizations analyzed had a 'Medium Risk' email security posture.
31.1% of healthcare organizations analyzed had a 'High Risk' email security posture.