Most firms hit by email breaches face ransomware too

Barracuda Networks, a cybersecurity company specialising in protection against complex digital threats for organisations of all sizes, has released new research indicating that organisations taking longer than nine hours to address an email security breach face a 79% likelihood of also falling victim to ransomware.

According to the Email Security Breach Report 2025, 75% of organisations in India and 78% worldwide experienced an email breach in the past year, with the global average cost of recovery reaching USD 217,068. Smaller businesses were found to be particularly vulnerable: those with between 50 and 100 employees incurred average costs of USD 1,946 per person, while larger organisations with 1,000 to 2,000 employees saw average costs of USD 243 per employee.

The research highlights that, despite the growing need for rapid detection and response, many organisations still struggle to manage incidents effectively. Respondents cited the increasing complexity of email threats, shortages of skilled security professionals, and limited automation of incident response as key challenges that hinder their ability to identify and contain threats quickly.

The findings are based on an international survey conducted by Barracuda in partnership with Vanson Bourne, gathering insights from 2,000 IT and security decision-makers across North America, Europe, and the Asia-Pacific region.

 Almost half suffered reputational damage, 46% in India and 41% globally, and many reported losing new business opportunities as a result. Only half of the surveyed organisations detected breaches within an hour, and those taking nine hours or more to resolve incidents were significantly more likely to experience ransomware attacks.

Advanced evasion techniques were identified as the main barrier to rapid incident response by 52% of Indian and 47% of global respondents. Additionally, 44% of organisations worldwide reported that the absence of automated incident response systems delayed detection, containment, and removal of threats.

“Email security is no longer just about stopping spam or mass phishing—it’s about preventing the first domino from falling in a cyberthreat chain that could lead to operational paralysis, data loss, reputational damage, and lasting business disruption,” said Neal Bradbury, Chief Product Officer at Barracuda. “Responding quickly and effectively to email breaches is essential to maintaining cyber resilience. However, the findings show that many organisations face significant challenges due to complex and evasive attacks, limited internal expertise, and insufficient automation.”