Of an estimated 20.5 billion business emails received each year, about 428 million will represent email threats in the form of malicious links.
That’s according to a 2025 report on business email and Microsoft 365 (M365) cybersecurity from vendor Hornetsecurity.
Daniel Hofmann, chief executive at Hornetsecurity, said the findings highlighted new challenges in the fight against cyber threats.
“While it’s encouraging to see some consistency in attack methods, for defensive purposes, the shift toward more targeted social engineering tactics means businesses must stay vigilant,” he said.
“With over 427 million malicious emails still reaching inboxes, it’s clear that cybersecurity strategies must evolve to stay ahead of increasingly sophisticated threats.”
The report underscored a need for stronger email security coupled with user awareness to keep organisations safe, Hofmann said.
Primary email threats
One third of all received emails were unwanted.
Additionally, phishing remained the top email threat, accounting for a third of attacks in 2024.
The top three malicious file types were HTML files (20.4%), PDFs (19.2%), and archive (17.6%) files.
Although there appeared to have been less use of malicious attachments, reverse-proxy credential theft attacks were on the rise.
These attacks redirect users to fake login pages that capture credentials, bypassing two-factor authentication, according to Hornetsecurity.
Some 22.7% of attacks stemmed from malicious URLs. “Their use surged in 2023 and continues to grow as attackers use them in credential-stealing attempts, [with] tools such as Evilginx.”
But the data continued to show that every industry was under attack – with mining, entertainment, and manufacturing being the most targeted for ransomware attacks and double-extortion scams, the vendor said.
“In 2025, organisations must prioritise basic security practices and embrace a zero-trust mindset to tackle vulnerabilities head on and foster a strong security culture,” Hofmann added.
“This report’s findings should motivate, not deter organisations from focusing on cybersecurity.”
Hornetsecurity offers solutions including its flagship 365 Total Protection for M365 environments.
( Image by Shakti Shekhawat from Pixabay )
