Email Security: 2020 Industry Report

By June 12, 2020Industry Reports

Despite rapid technological advancements in social media, voice messaging and other forms of innovative communication, email is as alive as it was twenty years ago. Perhaps more so. At the same time, new solutions are constantly being developed to counter the ever-evolving security threats to this crucial tool, offering compelling and fresh investment opportunities. Below, this Bure Valley Group examines some of these exciting new opportunities in 2020 for the email security sector. For more insight and information please contact our investment team.

 

The evolution of email security

As email technology has changed over the past decades so have the threats seeking to exploit it. Security used to focus on firewalls and endpoint protection, moving eventually to secure email gateways. The widespread movement of email to the cloud – such as Office 365 -, however, has led to more advanced email threats such as cryptocurrency mining malware, social engineering and Office 365 account takeovers. 

Such activities have led to widespread realisation amongst firms and individuals that secure email gateways do not go far enough to ensure security. Whilst these might be useful in helping to counter viruses and bad email attachments, according to the 2019 Email Security Trends Report many executives regard them as insufficient to address other threats such as vishing, smishing and email account takeover via the cloud.

Email threats are certainly not subsiding. Indeed, at least 82% of organisations believe that they have faced an email-based security threat within the last 12 months – with 2 billion unique email addresses breached in 2019 alone. Office 365, although it boasts many benefits for businesses’ communications, is a particular target. The damage can be particularly devastating if malicious individuals succeed in this. Once an account is hacked, others can potentially be compromised as fake email addresses cannot be identified; the messages to the recipient appear valid.

Microsoft claims to be on the case with trying to address these vulnerabilities. Yet many believe this to be insufficient, leaving space for other market participants to come forward with their own innovative security solutions.

 

New tools entering the landscape

Today, organisations often use several digital communication tools in addition to Office 365 such as Workday, Slack or Chatter (Salesforce) which can present further security issues. On its own, Microsoft APT will not cover Office 365 completely let alone these other solutions. As such, a range of new security players is entering this growing industry which was valued at $762.82 million in 2019 and is projected to reach $1,246.99 million by 2025. 

For now, the global cloud-based email security market remains quite concentrated due to fewer players occupying the larger market share such as Trend Micro Inc., Fortinet Inc. and Cisco Systems Inc. Other important companies for investors to watch in this sphere include:

  • Forcepoint LLC
  • Broadcom Inc. (Symantec Corporation)
  • Mimecast Inc.
  • Sophos Group PLC
  • Dell Technologies Inc.
  • FireEye Inc.

Yet new players are trying to penetrate this landscape. In June 2019, for instance, a range of anti-phishing startups raised $139 million in venture capital funding including IronScales, Vade Secure, and Valimail. Valimail alone raised $45 million from Insight Partners. 

One interesting innovation is the development of machine learning or artificial intelligence (AI) to help address new, insidious attacks such as impersonation and social engineering. Writing Style DNA by Trend Micro, for instance, analyses the writing style of an email’s content using AI and machine learning to determine authenticity. This kind of sophisticated defence is impossible to execute with a traditional gateway, which cannot “read” the words of an email to determine whether or not the sender is legitimate. 

One key area of email security currently being explored by players in the market is whether to focus on the sender or the content when analysing questionable emails. Whilst startups like Ironscales or Vade have adopted a similar approach to Writing Style DNA, others like Valimail focus on the sender due to the increasing eloquence of hackers’ emails. 

In 2017, another player, Barracuda, made an important decision in developing a response to the plain-text emails from high-authority domains used in social-engineering attacks (which are not picked up by gateway solutions). Their product, Sentinel, was an interesting AI-based protection against spear phishing, account takeover and BEC. This integrates directly with Microsoft Office 365 APIs and uses machine learning to uncover emails with malicious intent using little/no IT administration.

 

Invitation

The development and growth of the email security market is showing little to no sign of slowing down, despite the growth of Slack, social media and other digital communication tools. 

If you are one of those who are interested in investing in sectors such as this and are unsure where to begin, contact the Bure Valley Group, a firm that specialises in providing investors with the guidance they need to find the next big investment.

You can contact Bure Valley now on +44 160 334 0827, or alternatively email them at [email protected]