Fighting Astounding Volumes of Malicious Email

Author Avatar


Posted on April 26, 2022

Want to interview Gerry?


Over 300 billion emails are sent each and every day, all year long. A trillion emails every 3.5 days.

Good statistics on the percentage of email traffic that is malicious are hard to come by, with spam estimates ranging from 45% to 85%.

A recent report from consumer cyber review firm Comparitech, based on data obtained through Freedom of Information (FOI) requests to UK government organizations, sheds some interesting – if alarming – light on the volume of malicious email received and on “click through” rates.

Malicious Email Received by UK Government

From the information released in response to its FOI requests, Comparitech compiled the following statistics regarding malicious email received by UK government employees.

In 2021, each UK government employee received an average of 2,400 malicious emails, defined as “malware (including ransomware), phishing, and spam emails.” 258 UK government organizations received an aggregate total of an estimated 2.69 billion malicious emails during the year.

On average, 0.32% of malicious emails were opened by their recipients. While that figure sounds trivially small, the huge volume of email results in an estimate of 8.6 million malicious emails being opened.

Of course, not everyone who opens a malicious email clicks through to trigger a potentially dangerous action. The study found that users clicked on suspicious links only 0.67% of that time. Once more, what sounds like a small percentage translates into significant volume. User clicks on suspicious links within malicious emails that they received provided 57,736 opportunities for hackers to gain access to confidential government data or install ransomware on government systems.

It’s important to note that these figures do not include local councils, which experienced similar rates of email-borne danger. Each council employee received an average of 2,140 malicious emails in 2021, for a total of 2.1 billion emails received by 655,038 employees of 322 councils. Council employees were more easily misled than their government-employed peers: 1.79% of the malicious emails were opened, with a malicious link click rate of 0.99%, for a total of 371,493 opportunities for hackers to gain access or install ransomware on local council systems.

What Can We Learn from These Statistics?

We can draw several interesting and valuable conclusions from these figures.

First, spam filters have gotten pretty good and user training is somewhat effective. An impressive 99.68% of malicious emails do not get opened. In fact, thanks to spam filters, it is likely that intended recipients never see most of them. And 99.33% of the times that users open a malicious email, they do not click on suspicious links within.

The problem, however, is one of sheer volume: If in just one out of the 57,736 times that a user does click a link in a malicious email, a ransomware download or zero-day exploit is triggered, the consequences could be very severe, potentially costing many millions of dollars to remediate and/or exposing huge amounts of sensitive data.

According to a blog post from a UK law firm that also obtained information based on a Freedom of Information request, Her Majesty’s Prison and Probation Service had 2,152 data breaches in the 12 months preceding September 2021. UK Research and Innovation reported it was hit with a ransomware attack in January of 2021. While the hackers succeeded in encrypting their data, the organization was able to recover quickly without paying a ransom.

When it comes to cyberattacks, sidestepping danger “almost all of the time” isn’t good enough.

Protecting Against High Volumes of Malicious Email

As the UK government and local council open and click figures demonstrate, the percentage of malicious emails that get past conventional detection-based filters is very small, but still significant. Likewise, the percentage of users who can be lured into clicking on a malicious link, despite regular spam training, is small but considerable. The flood of malicious emails with which organizations are inundated results in absolute figures of malware getting through that are simply unacceptable.

What’s required to protect against these kinds of attacks is a layered approach – one with multiple defenses.

Let the spam filters catch what they can. But rather than placing responsibility on users to spot and avoid increasingly sophisticated phishing emails, turn to new isolation-based security approaches to protect organizations from the malicious email attacks that continue to elude traditional defenses. The ZTEdge Secure Access Service Edge (SASE) platform from Ericom Software offers this type of approach, tailored to meet the needs of both small and midsize organizations, like local councils, as well as larger enterprises. ZTEdge includes Remote Browser Isolation, which eliminates the risk of clicking on the wrong link. It isolates all website content in isolated, cloud-based, one-time use containers, so malware that’s activated cannot infect the user’s device or the organization’s network. Safe rendering data that’s transmitted to the regular endpoint browser enables users to interact naturally with websites and apps.

ZTEdge Web Isolation opens suspected phishing sites in read-only mode to prevent users from inadvertently revealing credentials. Attachments undergo content disarm and reconstruction (CDR) to ensure that any malware within is eliminated before the document is downloaded.

ZTEdge also includes Zero Trust Network Access which microsegments networks to shut down lateral movement and limit the impact of any initial network breach that may occur.

Of course, all organizations – businesses, government agencies, not-for-profit organizations, healthcare organizations and educational institutions – should take care to maintain current, offline, and offsite backups to allow prompt recovery in the event that, despite all best efforts, malware manages to get in.


Malicious emails are the basic “ammunition” used by many cybercriminals since they are effective and essentially free. To successfully defend your organization against the staggering flood of these threats, a multi-layered approach that includes comprehensive Zero Trust capabilities is the best way drastically reduce the odds of falling victim to a data breach or ransomware attack.

To learn more about how Remote Browser Isolation can bolster your email security protections, download a comprehensive white paper about email isolation here.

Share this on:

Author Avatar

About Gerry Grealish

Gerry Grealish, ZTEdge CMO, is a security industry veteran, bringing over 20 years of marketing and product experience in cybersecurity, cloud, analytics, and related technologies. Responsible for marketing and business development, Gerry previously was at Symantec, where he led the product marketing and go-to-market activities for the company’s broad Network Security portfolio. Prior to Symantec, Gerry was at Blue Coat, which he joined as part of Blue Coat’s acquisition of venture-backed Cloud Access Security Broker (CASB) innovator, Perspecsys, where he was Chief Marketing Officer.

Recent Posts

Air Gapping Your Way to Cyber Safety

Physically air gapping enterprise networks from the web is a great way to protect operations, keep data safe … and squelch productivity. Virtual air gapping is a better approach.

Motion Picture Association Updates Cybersecurity Best Practices

The MPA recently revised its content security best practices to address, among other challenges, the issue of data protection in the cloud computing age.

FTC Issues Cybersecurity Warning for QR Codes

QR codes on ads are a simple way to grab potential customers before they move on. No wonder cybercriminals are using QR codes, too.