Performance of email security slips as email-related cyber incidents increase 30%

Key News Highlights

• Report identifies the leading remote access products linked to elevated claims risk.
• Sophos ranks highest for email security performance for the first time, as Google Workspace maintains top spot for email service providers.
• Managed detection response emerges as the most effective security control for ransomware risk as VPN vulnerabilities surge.

At-Bay, the InsurSec provider for the digital age, today released its 2025 InsurSec Rankings Report, which provides a comprehensive analysis of the two most prominent cyber threat vectors: email and remote access. Based on At-Bay claims data, the report reveals these two threat vectors together accounted for 90% of cyber claims in 2024, when excluding incidents caused by third-party compromises or non-cyber events. The report's key findings highlight a cyber threat landscape where attackers are outpacing traditional defenses, making email fraud prevention and Managed Detection and Response (MDR) critical to driving down losses.

“Email fraud is now one of the biggest drivers of losses, yet most security tools are still focused on phishing links and malware,” said Adam Tyra, Chief Information Security Officer (CISO) for Customers at At-Bay. “Our claims analysis shows nearly all email security solutions performed worse in 2024, and are failing to catch AI-driven fraud emails that look legitimate. Providers must pivot to fraud-specific detection, or companies will keep losing money.”

The findings in this report represent an analysis of more than 100,000 policy years of cyber claims data from 2021 through the first quarter of 2025.

Key Findings

Email

• Email Remains Top Entry Vector for Attacks: Email was the initial entry vector for 43% of all incidents in 2024. The frequency of email claims also continues to surge, increasing by 30% year-over-year in 2024.
• Email Security Performance Broadly Slips, as Sophos Tops Rank for First Time: Nearly every ranked email security solution has seen a year-over-year increase in email claims frequency, except for Sophos, which topped the rank for the first time. The average claim frequency of customers with email security solutions saw a relative increase of 53% year-over-year.
• Google Workspace Continues to Lead in Email Security, Despite Rising Claims: For the third consecutive year, Google Workspace had the lowest average claims frequency compared to Microsoft 365. However, businesses with Google Workspace saw claims frequency more than triple year-over-year, indicating the rising tide of email attacks is impacting even the best-performing providers.
• Most At-Risk Businesses by Revenue Band & Industry Vertical: Larger businesses with revenue between $100M-$500M experienced more than 3X the email claim frequency of those under $25M in 2024. Email attacks disproportionately target the manufacturing sector, which was 3X more likely to incur an email claim than the least targeted sector.

Remote Access

• VPNs a Major Ransomware Vector: In 2024, 80% of ransomware attacks against At-Bay's insureds had a remote access tool as the entry vector, with 83% of those cases involving a VPN device.
• Self-managed VPNs Pose Highest Risk: Businesses using on-premise VPN solutions are nearly 4X more likely to be a victim of a ransomware attack than those using a cloud-based VPN or no VPN at all.
• The Most Risky VPNs in 2024 were from Cisco and Citrix: Businesses using Cisco and Citrix SSL VPNs were nearly 7X more likely to fall victim to a ransomware attack compared to businesses without a VPN detected. This risk level is the highest among the ranked VPN vendors.

Tyra added, “Modern remote access devices are increasingly complex and vulnerable, making ransomware intrusions harder to prevent and more inevitable. Our data shows that the only control consistently stopping full encryption from ransomware is professionally managed detection and response, which is fast becoming the critical last line of defense. MDR services ensure that when attackers gain a foothold, human experts can contain and remediate the threat before it becomes a major loss event.”

With cyber criminals clearly outpacing traditional defenses, At-Bay’s report highlights how technical claims insights can help businesses and brokers identify the products carrying the greatest risk — and make more informed cybersecurity and insurance decisions.

To download the full report and learn how organizations can better protect themselves from cybercrime, visit: 2025 InsurSec Rankings Report: Email and Remote Access.

Other resources:

• 2025 InsurSec Report: All Claims Edition

About At-Bay

At-Bay is the InsurSec provider for the digital age. By combining world-class technology with industry-leading insurance, At-Bay was designed from the ground up to empower businesses of every size to meet cyber risk head-on. At-Bay Insurance Services, LLC provides insurance protection and security prevention solutions to close to 40,000 businesses in the US, safeguarding up to $800B in collective business revenue, and offers coverage by non-admitted insurers for Cyber, Technology Errors & Omissions (Tech E&O), and Miscellaneous Professional Liability (MPL). As a security company, At-Bay offers proprietary security solutions including At-Bay Stance Managed Detection & Response (MDR).

View source version on businesswire.com: https://www.businesswire.com/news/home/20251028246929/en/