Table of Contents
What happens when you put three seasoned security practitioners in a room with data that shows exactly how many phishing attacks their tools are missing?
You get the kind of honest conversation most vendors don't want you to hear.
I just hosted a webinar that felt more like eavesdropping on a coffee shop conversation between security veterans than your typical vendor pitch-fest.
Jason Phillips (Sensient Technologies), Jeff Rader (Hoosier Energy), and Michael Kobrowski (SMC) joined me to dig into some research that's been making waves... SEGs are missing 67.5 phishing attacks per 100 mailboxes every month.
That number hit different when it came from practitioners who'd lived through the pain.
The "We Had No Idea" Moment
The most telling part? None of these guys knew how bad their visibility gap was until they had a way to measure it.
Jeff's reaction was particularly memorable: "We were getting 10-15 misses a day that...became obvious once we could see them." Jason discovered his SEG was letting through 6,500 phishing emails in a single week. Michael admitted he was initially hesitant about "another tool" but got convinced quickly when he saw what was slipping through.
Before having visibility into what their SEGs missed, they relied on what Jason called "sharp eyes" - that one reliable employee who'd spot the suspicious stuff (we've all worked with that person).
The Maintenance Reality Check
One insight that landed hard: why smaller organizations get hammered worse. The data shows companies with 1-99 mailboxes face 751 missed attacks per 100 mailboxes from Barracuda alone.
That's not a typo.
Jason nailed the explanation...smaller teams can't babysit their SEGs the way larger organizations can. They don't have dedicated staff constantly tuning rules and managing whitelists. So, while the tools work the same way, the outcomes are dramatically different.
The Three-Quarantine Problem
Jeff dropped what might have been the line of the webinar: dealing with "three quarantine places is a drag."
Anyone who's managed email security knows this pain. You've got quarantine in your SEG, quarantine in M365/Google, and users asking where their emails went. Meanwhile, you're playing detective across multiple systems trying to track down that "urgent" message from the CEO that turned out to be legitimate.
The group wrestled with this exact tension during our discussion. As Jason put it: "There's a balance there...defense in depth versus having three places to go find something." Everyone gets that email filtering is a requirement, but the operational complexity of managing multiple layers can become its own problem.
Jeff's perspective captures it perfectly: you need the protection, but the simpler you can make the investigation process, the better off your team will be.
The Buzzword Winner
When we asked which industry buzzword makes them hit delete fastest, "AI" won decisively. Not because they're anti-technology, but because they're tired of vendors slapping "AI-powered" on everything without explaining what it actually does. And yes, I see the irony too, but TBC, we've been using (home-grown) AI in our email security platform for almost 10-years.
Michael summed it up: vendors need to show, not tell. Real data beats marketing speak every time.
What Actually Triggers Change
The conversation about what finally pushes security teams to look for better solutions got real, quickly. Between breaches, phish clicks, VIP complaints, and increasing time spent on email tickets...it's usually all of the above, plus the realization that you're flying blind.
As one panelist put it: "You find out when something bad happens" isn't a strategy anyone wants to stick with.
The Whitelist Vulnerability That Everyone Knows
Before diving into the numbers, Jason shared a story that'll sound familiar to anyone managing email security. When they used Proofpoint, they'd whitelist trusted vendors and partners. Standard practice, right?
Then one of those whitelisted companies got compromised.
"They would walk right in," Jason explained. "So it's nice to not have that anymore. When people say I need this whitelisted, I say, no. We don't do that. We'll evaluate the threat when it comes because we know it is coming at some point." (watch the video clip below)
That's the allowlist weakness problem in action, and it shows up in the data.
The Numbers Don't Lie
The research covered 1,921 IRONSCALES customers who also use SEGs, so we could measure exactly what traditional gateways miss:
- Barracuda: 101 missed attacks per 100 mailboxes monthly
- Proofpoint: 68.4 missed attacks per 100 mailboxes monthly
- Cisco: 51.6 missed attacks per 100 mailboxes monthly
- Mimecast: 38.4 missed attacks per 100 mailboxes monthly
What's getting through? Primarily credential theft (32.8%) and vendor scams (34.3%), the exact threats that bypass traditional rule-based detection.
Jason's whitelist story suddenly makes a lot more sense when you see vendor scams topping the list.
Want to See What You're Missing?
Curious about your own environment? We built a calculator that uses this same research data to estimate what your SEG might be missing. Takes about 8 seconds and uses real numbers from organizations like yours.
Try the SEG Missed Attacks Calculator →
Watch the Full Conversation
The 30-minute recording captures the complete discussion, including the war stories we couldn't fit here. No sales pitch, just practitioners sharing real experiences with real data.
Watch the Hidden Gaps Webinar →
Get the Research Details
The full whitepaper breaks down the methodology, vendor-specific findings, and attack type distributions. It's the kind of data you can actually use in budget discussions.
Download the Hidden Gaps in SEG Protection Report →
Sometimes the most valuable insights come from admitting what you don't know. In this case, most security teams don't know how many attacks their SEGs miss each month. Now you can find out.
Explore More Articles
Say goodbye to Phishing, BEC, and QR code attacks. Our Adaptive AI automatically learns and evolves to keep your employees safe from email attacks.