Proofpoint: why email is the top cybersecurity threat in 2021

Proofpoint: email is the top cybersecurity threat

2020 has seen the acceleration of cloud migration and, with it, a change in the tactics of cybersecurity attacks. Top Business Tech takes a closer look at Proofpoint’s report Reimagining Email Security to discover how these attacks have shifted. 

According to Statista, over 102.6 trillion emails are sent each year. Even with the rise of several new communication platforms, email remains at the heart of communication and cybersecurity risk. In Proofpoint’s report Reimagining Email Security, over 90% of cyberattacks begin with email.

The current state of business email

As we have seen across all industries, the outbreak of the coronavirus pandemic has accelerated a shift from office to remote work. This shift has accelerated the adoption of cloud technologies. With 71% of companies using the cloud or hybrid cloud email, the number of malicious messages sent in 2020 has skyrocketed. Attackers sent almost 60 million emails hosted via Microsoft Office 365 and sent just under 90 million via Google in 2020. Compromising cloud accounts enables attackers to access emails, contacts, calendars, and key information with much more ease than attacking infrastructures. The reason for this is that it is easier to compromise a user than an organisation’s infrastructure.

Security challenges posed by cloud migration

In addition to the threats posed by the use of cloud services, the last year has also seen a considerable uptake in the use of email on mobile devices. The adoption of mobile devices poses new challenges for organisations looking to defend their networks, as mobile lacks user reinforcement. For example, IT leaders cannot install reporting options on mobile devices, which prevents the ability to warn other users of malicious emails seamlessly. These new threats emphasise the need for email and cloud protection more than ever.

Email threats businesses need to protect against

Three key threats stand to damage businesses in 2021:

– Ransomware

– Phishing

– Business Email Compromise (BEC)

In 2020, over 60% of businesses experienced a ransomware attack. Similar to this, according to Proofpoint’s “2020 State of the Phish Report”, 57% of organisations experienced a successful phishing attack in 2020. This number of attacks is over double the reported attacks from 2019.

People are the key to protection

As individuals are the easiest point of access to an organisation’s data, it stands to reason that the key to protection is people. Attackers understand that humans are more fallible to compromise as they often struggle to differentiate a harmful email from a trusted one.


Proofpoint’s The Human Factor Report confirms that over 99% of today’s cyberattacks are human-activated. To mitigate against this, Proofpoint emphasises the need to know who an organisation’s Very Attacked People (VAP) are, how they are targeted, and who are vulnerable to such threats. In addition, organisations need to focus on protecting four points of access: Email, Cloud, Users and Suppliers. The most efficient solution to defend against these threats is to implement an integrated threat protection platform.  

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

Unlocking productivity and efficiency gains with data management

Russ Kennedy • 04th July 2023

Enterprise data has been closely linked with hardware for numerous years, but an exciting transformation is underway as the era of the hardware businesses is gone. With advanced data services available through the cloud, organisations can forego investing in hardware and abandon infrastructure management in favour of data management.