- Delayed breach response over nine hours leads to 79% chance of ransomware infection, report notes
- Small businesses face steep recovery costs, up to $2,000 per employee
- Detection is hindered by evasion tactics and lack of automated incident response systems
If a company takes more than nine hours to respond to an email breach, it is almost definitely going to also get a ransomware infection, experts have warned.
A report from Barracuda Networks surveying roughly 2,000 IT and security decision-makers across North America, Europe, and Asia-Pacific found almost four in five (78%) of organizations experienced at least one email security breach in the previous 12 months.
Of that number, 71% were also hit with ransomware. Organizations taking longer than nine hours to address the attack have a 79% chance of getting hit with ransomware, it was said. The average cost to recover from such an attack, according to Barracuda’s Email Security Breach Report 2025, is now $217,068.
Advanced evasion techniques
Ransomware attacks are particularly risky for smaller businesses. Organizations with up to 100 employees end up paying almost $2,000 per person to recover, while those with up to 2,000 staff see average costs of around $240 per employee.
It might seem counterintuitive, but only 50% of victims detected the breach within an hour, Barracuda further explained. This is mostly due to advanced evasion techniques (47%) employed by the attackers, as well as the lack of automated incident response (44%) solutions, which delay the detection, containment, and removal of threats.
For two in five (41%), ransomware resulted in reputational damage, lost new business opportunities, and harmed growth, as well.
"Email security is no longer just about stopping spam or mass phishing — it’s about preventing the first domino from falling in a cyberthreat chain that could end in operational paralysis, data loss, reputational damage and longer-term business impacts,” said Neal Bradbury, chief product officer at Barracuda.
“Responding quickly and effectively to email breaches is critical to overall cyber resilience,” commented Neal Bradbury, chief product officer at Barracuda. “This can be a challenge for many organizations. The findings show that the ability to detect and neutralize email incidents is often hampered by increasingly complex and evasive attacks, internal skills shortages, a lack of automation, and more. A unified approach to protection centered on a strong integrated security platform is vital."
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.