Email breaches cost Australian firms AUD $436,307 on average

A significant proportion of Australian organisations have been impacted by email security breaches in the last year, with those slow to respond facing markedly higher risks of ransomware attacks, according to research from cybersecurity company Barracuda.

The Barracuda 2025 Email Security Breach Report, drawing on responses from 2,000 IT and security decision-makers across North America, Europe, and Asia-Pacific, found that 76% of surveyed Australian organisations reported an email security breach over the past 12 months.

The average financial cost of these breaches to Australian organisations was calculated at AUD $436,307, based on the reported figure of USD $283,984 adjusted for currency equivalence. For smaller businesses with between 50 and 100 employees, the average cost per staff member was USD $1,946, while larger enterprises employing between 1,000 and 2,000 people experienced an average per capita cost of USD $243.

The report highlighted several consequences following email security incidents. Nearly half of affected organisations, 49%, endured reputational damage, while 23% lost new business opportunities, impacting growth and long-term prospects.

Australian organisations also cited considerable challenges in responding effectively to email threats. Among respondents, 50% indicated that a lack of automated incident response delayed the detection, containment, and removal of threats. Additionally, 48% reported that advanced evasion techniques used by attackers presented significant obstacles to a rapid response.

Just half of those surveyed said their organisation detected email security breaches within an hour of their occurrence. The report established a link between response times and further risk, revealing that companies taking nine hours or longer to address an email breach faced a 79% likelihood of suffering a subsequent ransomware attack.

These findings are consistent with global trends in email-related cyber threats. The survey data showed that, worldwide, 71% of organisations that suffered an email breach were also targeted by ransomware within the same year.

Industry perspectives

Dan McLean, Country Manager for Barracuda ANZ, underscored the ongoing critical role email plays in business communications and the corresponding risks. "Email continues to underpin how organisations communicate with customers, suppliers, citizens and colleagues. It remains the entry point of choice for cyber-attacks," explains Dan McLean. "As our local data privacy laws strengthen organisations will require intelligent measures to safeguard business critical and customer data."

"Email security is no longer just about stopping spam or mass phishing - it's about preventing the first domino from falling in a cyberthreat chain that could end in operational paralysis, data loss, reputational damage and longer-term business impacts," said Neal Bradbury, chief product officer at Barracuda. "Responding quickly and effectively to email breaches is critical to overall cyber resilience. This can be a challenge for many organisations. The findings show that the ability to detect and neutralise email incidents is often hampered by increasingly complex and evasive attacks, internal skills shortages, a lack of automation, and more. A unified approach to protection centred on a strong integrated security platform is vital."

The report further emphasised that local businesses are encountering mounting difficulty in keeping pace with the changing nature of cyber attacks. The lack of skilled personnel, combined with the sophistication of modern email threats and deficiencies in automation, reduces organisations' speed and capability to neutralise incidents effectively.

These factors collectively highlight the necessity for organisations to examine their current email security and response strategies, with industry stakeholders advocating for integrated security platforms and improved incident response frameworks as essential to reducing the risks and impacts of future breaches.