New Email Security Study Shows a Massive 10.5% Failure Rate

The aggregated results of a new email security analysis show over 10% average rate at which enterprise email security systems miss spam, phishing and malware attachments.
The summary of findings encompasses user mailboxes at companies tested in the Email Security Gap Analysis program during September and October 2017.

The gap analysis in a nutshell:

  • Email volume analyzed: 11.7 million
  • Test period: September – October 2017
  • Average miss rate: 10.5%


Companies included in the tests were from a variety of industries and utilized several different types of email security, ranging from on-premise appliance gateway solutions to hosted email with some level of security filtering embedded in the service.

The percentages discussed in this report are industry averages that you can use as a reference. The gap analysis results can vary significantly, even between companies using the same security solution.

  • Out of the 11.7 million emails analyzed in the gap analysis, 10.5 million (89.5%) were found to be “clean” or legitimate, including 4.67 million newsletter emails (over one-third of legitimate email traffic).
  • 1.2 million emails (10.5%) were found to be spam or malicious messages that were missed by the deployed solutions and should not have been delivered to user mailboxes. This 10.5% “miss rate” breaks down into the following categories:


1,187,408 emails delivered to users were found to be spam emails, 10.2% of the total email traffic. Spam in this study is defined as unsolicited bulk email, usually identified by content scanning techniques or by sophisticated pattern detection applied to elements of the email itself and email distribution patterns. As noted above, the spam category does not include legitimate newsletter emails.

Phishing emails were identified in 34,143 emails or 0.29% of the email delivered to users. From this total, the gap analysis identified 18,070 messages as financial phishing emails, 5,456 as password phishing emails, and 10,617 as general phishing.

The gap analysis found 5,039 emails delivered to users were found to have malware attachments. While this represents a small percentage of the total email delivered (0.04%), the high level of risk associated with malware delivered to users obviously makes this of great concern.

Of these 5,039 messages, 3,389 (two-thirds) included attachments with recognized malware signatures. These previously known threats could include but are not limited to, ransomware, keyloggers, rootkits, Trojans, viruses, and worms.

1,650 of the malware emails delivered to users by the various systems were “zero-day” malware attachments, i.e., new malware with no previously known malware signatures
The results presented above represent an average across many companies, and different deployed security systems. But it is important to note that even when the email security system is the same, results can vary widely, influenced by an organization’s type of activity and user profile, and by security configuration choices made.


Your Filters Are Never Going to Catch It All

Your filters are never going to catch it all. You need a strong human firewall as your last line of defense. That is why you should focus on tools such as PhishPro, as you cannot train enough of your employees on security issues related to social engineering, spear-phishing, and ransomware attacks.

For more details on how PhishPro works with no deployment on your Office 365 subscription: