8 KEY Email Hacking Statistics in 2025
Posts by Kelly Indah, June 29, 2023
Emails are a great way to communicate with friends, family, customers, and business contacts.
You can write them while sitting at your computer or from your phone. It’s just as easy to read them.
Of course, it’s not just about written messages: an array of forms and images can be attached, either with a link or as a file attachment.
The popularity of emails is evident when you look at the statistics.
There are over 300 billion emails sent every day!
Unfortunately, the popularity of emails has led to them being targeted by cybercriminals.
They will use a variety of techniques to hack your emails and find out your personal information.
In many cases the cybercriminals will use your email to launch phishing attacks on others.
As the email will appear genuine, your friends, family, and colleagues will open the message and click on links.
You probably think it will never happen to you.
However, check out these email hacking statistics and you’ll realize it can happen to anyone.
Key Statistics
- 77% of US businesses don’t have a cybersecurity risk plan
- 1.2% of sent emails are malicious
- 99% of successful email hacks are thanks to victims clicking on links
- 70% of phishing emails have blank subject lines
- 50% of phishing sites use SSL certificates
- Small and medium-sized businesses lose an average of $1.6 million after a phishing attack
- Cybercriminals are capable of penetrating 93% of business networks
- 95% of US businesses have experienced a spear phishing attack
Top Email Hacking Statistics in 2025
1. 77% Of US Businesses Don’t Have A Cybersecurity Risk Plan
It may seem surprising in the modern digital age, but 77% of US businesses are effectively asking to be hacked. This is because they don’t have a cybersecurity risk plan.
The risk plan identifies the likelihood of an attack and the possible attack types/locations.
It allows a business to develop a response plan, ensuring the right resources are allocated to the attack.
Independent research has shown that businesses with a cybersecurity risk plan can react faster to issues and save themselves up to $1 million on the cost of the breach.
Worryingly, over half of those that do have a risk plan have not updated or reviewed it recently and fail to do so regularly.
Considering how fast technology is changing and how good hackers are at finding new ways to get into your system, a regular review of the risk plan should be considered essential.
(Ponemon Institute)
2. 1.2% Of Sent Emails Are Malicious
A recent report estimated that 1.2% of emails sent are malicious.
That means they are the product of hackers and automated programs, designed to access your personal data and funds.
1.2% may not sound like a lot. But, if you consider that over 300 billion emails are sent a day, that 1.2% represents approximately 3.4 billion malicious emails being sent every day.
Hackers play a numbers game.
The more emails they send the more likely it is they will get someone to click on the link. Even with a low rate of success, that’s hundreds of thousands of successful hacks performed daily!
(Valimail Email Fraud Landscape Report 2019)
3. 99% Of Successful Email Hacks Are Thanks To Victims Clicking On Links
Email hackers have a lot of sophisticated tools at their disposal. However, many of these still focus on one thing, the human connection.
While a human should be sensible enough to avoid clicking on unknown links, for many people curiosity is too powerful. In other words, they click, even if they know they shouldn’t.
That’s why hackers still target the human connection and create realistic messages, links, and websites.
All someone has to do is click the link and malware can creep into the system. Inputting login details is simply a bonus for a hacker.
These types of hacks are so successful because they rely on social engineering.
That’s mining the web for information about you and then using this to send you what appears to be a trustworthy email.
(ZDNet)
4. 70% Of Phishing Emails Have Blank Subject Lines
Gmail surveyed nearly 100 million phishing emails which they had successfully blocked to look for similarities.
It was surprising to find that 70% of them had no subject line.
This can be considered a tell-tale sign that the email is not genuine.
Yet, despite this, many hackers leave the email subject line blank, and many receivers simply don’t notice or realize it is important.
The most common topics for phishing emails with subject lines are ‘Fax delivery report’ and ‘business proposal request’.
Both have the potential to be genuine but you simply need to consider whether you have requested either service.
After all, most genuine emails come with something in the subject line.
(Gmail)
5. 50% Of Phishing Sites Use SSL Certificates
It used to be the case that a glance to the top left of the screen would show you that the website was secure.
The website address would begin with HTTPS and the SSL certificate would be shown as a lock icon.
Unfortunately, hackers now use this on at least 50% of the phishing sites they create.
It has taken time for hackers to master this technology but now it makes phishing attacks significantly more effective.
After all, for years people have been told to look for the lock sign as this means the page is safe.
Now hackers are using this technology to make phishing sites appear even more genuine.
That makes it more likely that people will fall victim to the scam.
(Phish Labs)
6. Small And Medium-Sized Businesses Lose an Average of $1.6 Million After A Phishing Attack
A phishing attack means data loss. It can also lead to identity theft or extracting credit in the company’s name.
However, one of the biggest threats to a business is the recovery after a successful phishing attack.
Businesses were affected by the loss of data and the resulting financial loss as hackers took credit in the company name.
However, what really costs the business money is the damage to its reputation.
It’s estimated smaller and medium-sized businesses lose $1.6 million after an attack thanks to a loss of confidence in the business.
Customers simply go elsewhere and it can take a long time to win them back.
That’s assuming the business can win customers back.
Roughly 50% of businesses recovering from phishing attacks stop trading within 6-12 months.
(Cloudmark)
7. Cybercriminals Are Capable Of Penetrating 93% Of Business Networks
It may seem surprising but, despite upgrades in network security protocols, most businesses don’t have a secure enough network.
A recent survey estimated hackers could get into as many as 93% of business networks.
In most cases entry was via weak passwords, allowing the hackers to access the systems, look at all the information stored, and hack emails.
These are then commonly used for phishing scams.
Of course, once a hacker has got into your system they can pull all your financial records, business information, and personal information for all staff.
That’s enough to allow a hacker to steal multiple identities and potentially hold your business to ransom.
(betanews)
8. 95% Of US Businesses Have Experienced A Spear Phishing Attack
In recent years phishing has diversified, and spear phishing has become one of the most popular attack methods.
It’s easy to see why. A recent survey showed 95% of US businesses and 83% of UK ones have experienced a spear phishing attack.
Worryingly, 84% of those attacked report that the attack managed to penetrate their security systems.
In many of these cases the penetration was deep enough that information could be stolen.
In fact, 81% of those that were penetrated were negatively affected as a result of the attack.
A concerning and connected statistic is that 73% of those surveyed didn’t think spear phishing was anything to worry about at the moment, although it could be something to think about in the next 12 months.
(Cloudmark)
How To Avoid Having Your Email Hacked
The good news is, despite the increase in email hacking, it is still possible to protect yourself.
You just need to take a few simple steps to protect yourself.
Strengthen Passwords
The most obvious starting point is your passwords. Easy passwords are perfect for hackers because they can simply guess them.
All it usually takes is a little time looking at your social media profiles and other personal data easily accessible online.
This gives them the information they need to try a variety of password combinations and work out what your password is.
The simplest way to avoid this is to strengthen your passwords.
Sign up for a password manager which gives you a secure place to store passwords. Then, use the inbuilt password generator to create your passwords.
If you must create them yourself, make sure they are at least 12 characters long, have lowercase and uppercase letters, numbers, and even special characters.
It’s best if the combination is completely random, as that makes it virtually impossible to hack.
Check Subject Lines
If you receive an email then check who it is from. Don’t open it unless you trust the sender.
As part of this, take a look at the subject. If it’s empty then ignore the email.
Equally, if the subject doesn’t make sense, proceed with caution. Your friend’s email may have been hacked.
Be especially cautious if the subject line is one of the preferred options used by cybercriminals.
That’s ‘fax delivery report’ and ‘business proposal request’.
Look At Links
If you feel an email is trustworthy and have opened it, that doesn’t mean you should blindly click on any link. Take a look at the link by hovering on it.
This will tell you what page you are going to if you click on it.
In many cases this will show you the link is not genuine.
However, even if it appears okay, it’s still a good idea not to click on it. Instead, type the website name in your browser and see what comes up.
It’s always safer to log into your account via a webpage where you have entered the site address and know it to be genuine.
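The subject-line and link checks from the two sections above can be automated for mail you have saved as raw text. The following is an added example, not part of the original article; the function names, the sample message and its domains are assumptions made for the illustration. It only compares link text that looks like a domain with the real target, so a link labelled "Click here" is not assessed.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

LURE_SUBJECTS = {"fax delivery report", "business proposal request"}  # from the article
# Constructed sample message (not real mail), using reserved test domains.
SAMPLE = ("Subject: Fax delivery report\nContent-Type: text/html\n\n"
          '<a href="http://account-check.test/login">www.mybank.example</a>')

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(value):
    """Host of a URL or bare domain, without 'www.'; '' if value is neither."""
    value = value.strip()
    try:
        name = urlparse(value if "://" in value else "//" + value).hostname or ""
    except ValueError:  # malformed netloc, e.g. an unclosed IPv6 bracket
        name = ""
    name = name[4:] if name.startswith("www.") else name
    return name if "." in name and " " not in name else ""

def triage(raw_message):
    """Return warnings for one raw message: subject checks, then link checks."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = (msg["Subject"] or "").strip()
    findings = ["blank subject"] if not subject else []
    if subject.lower() in LURE_SUBJECTS:
        findings.append("known lure subject")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    for href, text in collector.links:
        shown, real = host(text), host(href)  # what the reader sees vs. target
        if shown and real != shown and not real.endswith("." + shown):
            findings.append(f"link shows {shown} but goes to {real}")
    return findings
```

An empty list means none of these checks fired, not that the message is safe.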
Update Programs
You can increase your protection from email hacking simply by updating all your programs.
This ensures you are running the latest version of the manufacturers’ software.
Manufacturers have teams dedicated to monitoring hacking activity.
They then close loopholes and other issues in the software. Updating your software gives you the best protection possible.
Be Suspicious
The best approach to any email is to be suspicious. If you have any concerns regarding whether it is genuine or not then don’t open it.
Quarantine the email and separately contact the person you think sent it.
If they confirm sending it, you can trust the message and open it. If not, placing it in quarantine is the best option.
Summing Up
The email hacking statistics clearly show that hacking is on the rise and it’s a serious concern.
Businesses and individuals can suffer significant financial loss.
That’s why it’s advisable to proceed with caution and take the above simple steps to help keep yourself and your systems safe from email hackers.