Think Your Email Infrastructure Is Doing A Good Job? Think Again!

In their race to beat cyber-attacks, Cyren have collated the average rates at which enterprise email security systems miss spam, phishing and malware attachments.

As part of their email gap analysis program, Cyren examined 11.7 million emails forwarded by various email security systems to user mailboxes at a variety of companies. The companies selected represented a variety of industries and used several different types of email security, ranging from on-premises appliance gateway solutions to hosted email with some level of security filtering embedded in the service.

Out of 11.7 million emails inspected they found…










1,187,408 emails delivered to users were found to be spam emails equating to 10.2% of the total email traffic. Spam is unsolicited bulk email, usually identified by content scanning techniques or by sophisticated pattern detection applied to elements of the email itself and email distribution patterns. It’s worth noting that the spam category does not include legitimate newsletter emails.


34,143 emails or 0.29% of the email delivered to users was found to be phishing emails. From this total, Cyren identified 18,070 messages as financial phishing emails, 5,456 as password phishing emails, and 10,617 as general phishing.


5,039 emails delivered to users were found to have malware attachments. While this represents a small percentage of the total email delivered (0.04%), the high level of risk associated with malware actually delivered to users makes this of great concern.

Of these 5,039 messages, two-thirds included attachments with recognised malware signatures. These previously known threats could include ransomware, key loggers, rootkits, trojans, viruses, and worms.

1,650 of the malware emails delivered to users by the various systems were ‘zero-day’ malware attachments, i.e., new malware with no previously known malware signatures.


The results above are averaged across many companies each using different deployed security systems. However, it is important to note that even when the email security system is the same, results can vary widely depending on the organisation’s type of activity and user profile, and by security configuration choices made. The three mini ‘case studies’ presented below compare the results for different organisations that had deployed security from the same vendor. The percent of malicious emails (phishing + malware) making it through to users was double the rate for a university, compared to the two example businesses shown, which showed similar rates.

 Case Study 1
Food Distribution
Case Study 2
TV Broadcasting
Case Study 3
Major University
No. of email users1,0005,00030,000
Spam emails not blocked37,688313,446587,238
% spam9.0%8.0%18.9%
Malicious emails not blocked92012,6621,059
% malicious0.33%0.32%0.03%

This image has an empty alt attribute; its file name is Screenshot-2019-07-19-at-14.50.05.png

  • Cyren Email Security Gap Analysis was developed as a tool to evaluate the email security performance of various email security appliances and services.
  • This performance is compared to threat detection by the Cyren security cloud, which has the benefit of real-time intelligence from processing over 25 billion web and email transactions daily, and blocks over 300 millions transactions every day.
  • Given the increasingly dangerous nature of today’s threat environment, Cyren works with companies to identify if their existing security infrastructure or hosted email service is potentially delivering unwanted or dangerous emails to user, calculating a ‘Miss Rate’ to quantify the results.
  • The gap analysis relies on Cyren’s cloud infrastructure to examine the existing email security system, and all messages subsequently forwarded to users’ mailboxes are ‘blind carbon copied’ to Cyren’s system for automated analysis.
  • Emails classified as ‘clean’ are automatically and immediately deleted, and those that are identified as spam or containing a threat are sorted and placed into folders in an administrative mailbox for company review.


Businesses interested in testing the effectiveness of their web security can use Cyren’s publicly available web security diagnostic which returns results in less than 30 seconds on your enterprises’ ability to block several types of virus, botnet, and phishing threats. Complete this form to read a copy of the full report and request a security gap analysis.


Cyren’s security cloud service detects web and email-based threats as they emerge on the internet and blocks them globally within seconds even before they reach users. Cyren’s suite of services offers businesses the world’s fastest, most accurate security. For further information about how you can take advantage of Cyren’s services, get in touch today.