Cost of an email-borne security attack can on average exceed $1.4 million


  • 74% of Australian organisations surveyed experienced a successful email-borne attack in the last 12 months.
  • Recovering from an email-borne security attack can cost victims more than $1.4 million on average.
  • Having a higher proportion of remote workers increases security risk and recovery costs.

Barracuda Networks, Inc., a trusted partner and leading provider of cloud-first security solutions, today published its 2023 Email Security Trends report that shows how email-based security attacks affect organisations both in Australia and around the world. 74% of the Australian organisations surveyed for the report had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average potential costs of more than $1.4 million for their most expensive attack. 25% said that the cost of email-based attacks has risen dramatically over the last year.

The survey, conducted by independent research firm Vanson Bourne and commissioned by Barracuda, questioned 150 Australian IT professionals from frontline to the most senior roles in companies with 100 to 2,500 employees, across a range of industries.

Just under three-quarters of the Australian organisations surveyed had experienced a successful email attack in the last 12 months, and the top impacts of these attacks include downtime and business disruption (which affected 42%), loss of employee productivity (41%), and brand and company reputation damage (37%). The cost of these disruptions averaged more than $1.4 million for the most expensive attacks. Organisations in Australia feel that they are under-prepared to deal with data loss (34%), viruses/ malware (33%), and spam (29%).

There were notable differences between industries across the globe. For example, financial services organisations were particularly affected by the loss of valuable data and money to attackers (cited by 59% and 51% of victims, respectively), while in manufacturing the top impact was the disruption of business operations (53%). For healthcare institutions the recovery costs involved in getting systems up and running again quickly were the most significant (44%). Regardless of size or industry, however, organisations with more than half their employees working remotely faced higher levels of risk and recovery costs.

“Email is a trusted and ubiquitous communications channel, and that makes it an attractive target for cybercriminals. We expect email-based attacks to become increasingly sophisticated, leveraging AI and advanced social engineering in their attempts to get the data or access they want and evade security measures,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda. “Email-based attacks can be the initial access point for a wide range of cyberthreats, including ransomware, information stealers, spyware, crypto mining, other malware, and more. It is not surprising that IT teams around the world don’t feel fully prepared to defend against many email-based threats. Growing awareness and understanding of email risks and the robust protection needed to stay safe will be key in keeping organisations and their employees protected in 2023 and beyond.”

Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda


Get a copy of the report:

Check out the blog post:

Get a copy of Barracuda’s guide to the 13 email threat types and how to defend against them

Barracuda commissioned independent market researcher Vanson Bourne to conduct a global survey of IT managers, senior IT security managers, and senior IT and IT security decision-makers. There were 1,350 survey participants from a broad range of industries, including agriculture, biotechnology, construction, energy, government, healthcare, manufacturing, retail, telecommunications, wholesale, and others. Survey participants were from the U.S., Australia, India, and Europe. In Europe, respondents were from the United Kingdom, France, DACH (Germany, Austria, Switzerland), Benelux (Belgium, the Netherlands, Luxembourg), and the Nordics (Denmark, Finland, Norway, Sweden). The survey was fielded in December 2022.