New Study from ESG & IRONSCALES Shows Email as Primary Threat Vector Despite Increased Adoption of Collaboration Tools

2023 June 6

Research highlights the importance of creating a security-aware culture on top of advanced detection and prevention technology

IRONSCALES, the leading enterprise cloud email security platform protecting more than 10,000 global organizations worldwide, unveiled the findings of a new research report in collaboration with TechTarget’s Enterprise Strategy Group (ESG). The study, Tackling SaaS Communication and Collaboration Security Challenges: Trends and Strategies for Enterprises, investigates the awareness and capabilities of IT and cybersecurity professionals in countering emerging threats arising from the growing use of cloud-based communication and collaboration tools.

Many tools are being utilized throughout the enterprise to enhance collaboration and communication as employees continue to work remotely or hybrid, and the use of unsanctioned apps adds to the shadow IT problem, increasing potential security risks. Yet, despite the complex nature of managing a multitude of tools, email remains the top security concern (38%) and is still viewed as the most vulnerable communication and collaboration tool within the enterprise. The research conducted by ESG highlights that within the past year, phishing attacks (34%) and business email compromise (BEC) scams encompassing wire transfer fraud, payroll fraud, and payment fraud (26%) rank among the top threats that have successfully circumvented existing security measures.

“While most organizations are leveraging six or more tools for communication and collaboration, email tops the list by a wide margin as the channel considered most vulnerable to threat actors,” said Dave Gruber, Principal Analyst, ESG. “The good news is that organizations are focused on strengthening all communication and collaboration channels collectively, including email.”

The research further uncovers persistent gaps in email security controls, despite efforts to prioritize and invest in this area. Notably, nearly a quarter (23%) of respondents say that their current email security strategy lacks comprehensive security awareness training and assessments. Additionally, a quarter of respondents indicated consistent concern regarding inbound email attacks that evade and breach native security controls.

While many respondents will continue to rely on native security controls provided by their cloud email solution provider, more than a third (34%) report already implementing additional third-party security controls to address these gaps, with another 46% planning to do so in the next 12 months.

“This research is highlighting the reality that there is only so much technology alone can do to protect against advanced phishing and BEC attacks,” said Audian Paxson, Director of Technical Product Marketing at IRONSCALES. “Native tooling can provide some useful table stakes, but stopping advanced phishing attacks requires a more sophisticated set of tooling. Enterprises are recognizing that to thwart emerging threats, especially those leveraging social engineering and AI, they need to complement their AI-powered email security solutions with collaborative human insights.”

The report underscores the continued importance of security fundamentals and best practices that all organizations should adhere to, such as regular assessments for shadow IT, defining clear responsibilities for security and management, and continual analysis of existing security stacks.

Nearly 500 IT and cybersecurity professionals from private- and public-sector organizations throughout the U.S. and Western Europe were surveyed in early 2023 for this report. Click here to download a complimentary copy.


IRONSCALES is the leading cloud email security platform for the enterprise that uses AI and human insights (HI) to stop advanced phishing attacks that bypass traditional security solutions. Its award-winning self-learning platform continuously detects and remediates advanced threats like Business Email Compromise (BEC), credential harvesting, Account Takeover (ATO), and more. As the most powerfully simple email security platform, IRONSCALES helps enterprises reduce risk, boost security team efficiency, and build a culture of cybersecurity awareness. IRONSCALES is headquartered in Atlanta, Georgia, and is proud to support more than 10,000 customers globally. Visit or @IRONSCALES to learn more.


Doug De Orchis
Scratch Marketing & Media for IRONSCALES

Press release originally published by BusinessWire: