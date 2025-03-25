New research report reveals SEGs are missing 67.5 phishing emails per 100 mailboxes monthly

IRONSCALES, the AI-powered email security leader protecting over 15,000 global customers from advanced phishing attacks, today announced the release of a first-of-its-kind research report quantifying the real-world failure rates of Secure Email Gateways (SEGs). The whitepaper, The Hidden Gaps in SEG Protection, draws on data from 1,921 organizations of varying sizes across multiple industries, and reveals that legacy SEG solutions are consistently missing an average of 67.5 phishing emails per 100 mailboxes every month, despite being marketed as front-line defenses.

Unlike vendor-run simulations or static benchmarks, this analysis is based on actual phishing emails that bypassed SEG defenses and landed in user inboxes, only to be detected by the IRONSCALES email security platform, powered by Adaptive AI. The result: hard, empirical evidence of the widening protection gap, and the operational cost that comes with it.

"Security teams have been forced to operate on instinct and anecdote when it comes to SEG performance. This report replaces guesswork with data," said Eyal Benishti, CEO of IRONSCALES. "It's now clear that SEGs are routinely missing real-world threats, and that failure is draining time, budget, and resources."

Key findings from the report include:

High Miss Rates Across Vendors SEG miss rates range from 38.4 to 101 phishing emails per 100 mailboxes monthly.

SEG miss rates range from 38.4 to 101 phishing emails per 100 mailboxes monthly. Smaller Organizations Face Higher Risk Organizations with fewer than 100 mailboxes experience up to 7.5x more missed phishing attacks than large enterprises. But even organizations with more than 7,500 mailboxes still see significant SEG failures, proving no company size is immune.

Organizations with fewer than 100 mailboxes experience up to than large enterprises. But even organizations with more than still see significant SEG failures, proving no company size is immune. Attackers Exploit Human Nature, Not Just Tech Vendor scams and credential theft account for over 65% of missed phishing emails across SEGs-highlighting how rule-based systems struggle with socially engineered threats.

Vendor scams and credential theft account for over of missed phishing emails across SEGs-highlighting how rule-based systems struggle with socially engineered threats. Real Costs, Not Just Risk Each missed phishing email costs an average of $36.29 to investigate and remediate and takes 27.5 minutes of analyst time.

The full report includes breakdowns of miss rates by SEG vendor, organization size, and attack type, offering a first-of-its-kind, data-driven look at how modern phishing attacks evade traditional filters.

The full findings also power the IRONSCALES new SEG Missed Phish Calculator, which allows organizations to estimate how many phishing emails their SEG is likely letting through, along with a breakdown of attack types most commonly missed for their specific size and SEG provider.

"The data validates what CISOs and security teams have known intuitively for years," added Benishti. "Phishing threats have outpaced perimeter-based defenses. If your SEG is still your primary line of defense, you're flying blind. And if SEGs are already struggling with today's socially engineered attacks, how will they handle the next wave of AI-generated phishing and deepfake-driven deception? Organizations need adaptive security that evolves with the threats they see."

The report highlights the limitations of legacy email security tools and makes the case for a modern, adaptive approach, one that combines AI, behavioral analytics, and real-time human feedback to detect attacks SEGs miss. With inbox-level visibility and automated remediation, IRONSCALES empowers security teams to reduce alert fatigue, cut response times, and eliminate costly blind spots.

Download the full whitepaper, The Hidden Gaps in SEG Protection, here.

Explore the SEG Missed Phish Calculator to see how your SEG measures up.

About IRONSCALES

IRONSCALES is the leader in AI-powered email security protecting over 15,000 global organizations from advanced phishing threats. As the pioneer of adaptive AI, we detect and remediate attacks like business email compromise (BEC), account takeovers (ATO), and zero-days that other solutions miss. By combining the power of AI and continuous human insights, we safeguard inboxes, unburden IT teams, and turn employees into a vital part of cyber defense across enterprises and managed service providers. IRONSCALES is headquartered in Atlanta, Georgia. To learn more, visit www.ironscales.com or follow us on X @IRONSCALES.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250325115509/en/

Contacts:

Media Contact:

Douglas De Orchis

Scratch Marketing Media for IRONSCALES

ironscales@scratchmm.com