Less than one third of all email traffic in the first half of the year was genuine, ‘clean' email which ended up being delivered to an inbox, according to FireEye.
The security company's half-yearly email security report said that only 32% of email was sent through to the recipient, with 58% of malicious mail blocked by threat intelligence solutions, and 10% stopped by advanced attack protection systems.
The report also found that 1 in every 101 emails had malicious intent, while 91% of all cybercrime incidents are initiated by an email.
The FireEye Email Threat Report is compiled from analysis of half a billion emails screened by FireEye solutions from January to June 2018.
The company noted that actual malware, including email containing viruses, adware, Trojans, spyware, ransomware and so on only makes up 10% of email attacks. The other 90% of blocked attacks, such as impersonation, fraud and phishing attempts do not rely on a malware component in the email.
"Not only is email the most pervasive form of communication, it is also the most popular vector for cyberattacks. This makes email the biggest vulnerability for every organisation," said Ken Bagnall, vice president of email security at FireEye. "From malware to malware-less attacks including impersonation attacks like CEO fraud, a single malicious email can cause significant brand damage and financial losses. By choosing an email security solution with features based on real-time knowledge gained from the frontlines, and by teaching users to always ensure they are communicating with who they think they are, organizations can better defend against attacks."