Sydney, Australia – 29 October, 2025 — Barracuda Networks, Inc., a leading cybersecurity company providing complete protection against complex threats for all size business, has released new research showing that organisations taking longer than nine hours to address an email security breach have a 79% chance of also being a victim of ransomware. The new Email Security Breach Report 2025 found that most of the Australian organisations surveyed (76%) experienced an email breach in the previous 12 months, with the average cost to recover reaching $283,984 USD (approx. $436,307 AUD).
Smaller businesses are hit especially hard. Companies with 50 to 100 employees incur costs of on average $1,946 USD per person, while larger organisations with 1,000 to 2,000 staff see average costs of $243 USD per employee.
The survey also shows that despite the need for rapid incident detection and response, many companies struggle to achieve this. Respondents cite the increased complexity of email threats, skills shortages and the lack of automated incident response as obstacles that make it difficult to quickly identify and remove threats.
The report is based on the findings of an international survey undertaken by Barracuda with Vanson Bourne, gathering insights from 2,000 IT and security decision-makers across North America, Europe and Asia-Pacific.
Key Findings
- 76% of Australian organisations experienced an email security breach in the previous 12 months
- 49% of Australian organisations suffered reputational damage, and 23% lost new business opportunities, harming growth
- $283,984 USD (approx. $436,307 AUD) is the average cost of responding to and recovering from an email security breach in Australia
- 48% of Australian organisations say advanced evasion techniques are an obstacle to rapid incident response
- 50% of Australian organisations say the lack of automated incident response delays the detection, containment and removal of threats
- Globally, 71% of organisations that experienced an email security breach were also hit with ransomware during the year
- Only 50% of organisations detected the breach within an hour
- Organisations taking 9 hours or more to fix the breach have a 79% chance of also being hit with ransomware
“Email security is no longer just about stopping spam or mass phishing — it’s about preventing the first domino from falling in a cyberthreat chain that could end in operational paralysis, data loss, reputational damage and longer-term business impacts,” said Neal Bradbury, chief product officer at Barracuda. “Responding quickly and effectively to email breaches is critical to overall cyber resilience. This can be a challenge for many organisations. The findings show that the ability to detect and neutralise email incidents is often hampered by increasingly complex and evasive attacks, internal skills shortages, a lack of automation, and more. A unified approach to protection centred on a strong integrated security platform is vital.”
Methodology
Barracuda commissioned independent market research company Vanson Bourne to conduct a global survey of 2,000 senior security decision-makers in IT and business roles in organisations with between 50 and 2,000 employees from a broad range of industries in the U.S., UK, France, DACH (Germany, Austria, Switzerland), Benelux (Belgium, the Netherlands, Luxembourg), the Nordics (Denmark, Finland, Norway, Sweden), Australia, India, and Japan. The fieldwork was conducted in April and May 2025.
