
Researchers Expose Critical Gaps in Email Security Gateway Protection

Deepfake protection to combat social engineering attacks in phishing emails.

IRONSCALES, the AI-powered email security leader, reveals that traditional Secure Email Gateways (SEGs) are failing to catch a concerning number of phishing attempts, leaving organisations vulnerable to increasingly sophisticated attacks.

According to the recently published report from IRONSCALES, security teams across nearly 2,000 customer environments experienced an average of 67.5 additional phishing emails bypassing legacy security solutions per 100 mailboxes each month. These aren't simulated threats but actual attacks that evaded detection by leading SEGs.

The research will be unveiled at the RSA Conference 2025, alongside the company's AI-driven technology, which adds a critical layer of defense for enterprise communications against today's most sophisticated social engineering attacks.

RSAC 2025 attendees can see the technology demoed live by IRONSCALES experts at Booth #4500, in the North Hall. 

SEG missed attacks per 100 mailboxes across different organisation sizes

The study analysed 30 days of real-world email traffic across diverse organisations and found notable performance variations among SEG vendors. Missed attack rates ranged from 38.4 to 101 per 100 mailboxes monthly, with smaller organisations facing disproportionately higher risk—companies with fewer than 100 mailboxes experienced up to 7.5 times more missed attacks than larger enterprises.

"These aren't hypothetical threats or simulated tests; they're real-world attacks landing in employee inboxes after evading detection by industry leading SEGs," the report states.

The operational impact is significant. Each phishing incident takes approximately 27.5 minutes to resolve, costing $36.29 per event. 

According to referenced Osterman Research data, phishing-related activities consume nearly one-third of IT security teams' time, equating to $52,666 per IT/security professional annually just to handle phishing.

The analysis identified vendor scams and credential theft as the most consistently missed attack types, representing 30-42% and 21-41% of bypassed threats, respectively. This reflects attackers' shift toward social engineering tactics that exploit human psychology rather than technical vulnerabilities.

Emerging threats like QR code phishing (quishing) and image-based attacks are particularly challenging for traditional SEGs, which focus primarily on scanning links and attachments. The report suggests that API-integrated, adaptive protection offers advantages over perimeter-based defenses by continuously learning and evolving alongside the threat landscape.

The consequences of these security gaps extend beyond operational burdens. With 10.4% of users clicking on phishing links when they receive a phishing email, and 6.5% submitting credentials after clicking, organisations face a substantial risk of compromise. For a 1,000-mailbox organisation, this could mean approximately 50 compromised accounts per year from attacks that their SEG missed entirely.

The whitepaper concludes that security leaders should evaluate their SEG's real-world performance and consider implementing adaptive, inbox-level detection systems to catch what traditional filtering systems miss.
