75% of Indian firms faced email breach in 2025, finds Barracuda Report

Barracuda Networks has released its Email Security Breach Report 2025, revealing that 75% of organisations in India, and 78% globally, experienced an email security breach over the past 12 months. The findings highlight the escalating risks faced by enterprises as attackers exploit complex, evasive email threats and delayed response times.

The report found that organisations taking longer than nine hours to contain a breach face a 79% chance of subsequently being hit by ransomware. On average, responding to and recovering from a breach costs USD 217,068 globally, with smaller firms hit hardest. Businesses with 50–100 employees incurred costs averaging USD 1,946 per person, while large enterprises faced USD 243 per employee in recovery expenses.

Conducted by Barracuda in partnership with Vanson Bourne, the survey gathered insights from 2,000 IT and security leaders across North America, Europe, and Asia-Pacific, assessing how organisations detect, respond to, and recover from email-based cyber incidents.

Despite the critical role of rapid detection and remediation, many organisations continue to struggle. Respondents cited advanced evasion techniques, a shortage of skilled professionals, and the lack of automated incident response tools as major obstacles.

Key findings of Barracuda Networks Email Security Breach Report 2025 :

• 75% of Indian organisations (and 78% globally) experienced an email breach in the past year.

• 71% of organisations hit by email breaches also suffered ransomware attacks.

• 46% of Indian firms (and 41% globally) reported reputational damage and lost new business opportunities.$217,068 — average global cost of breach response and recovery.

• Only 50% of organisations detected a breach within the first hour.

• Those taking 9+ hours to respond had a 79% chance of ransomware infection.

• 52% of Indian respondents cited advanced evasion techniques as the top obstacle to fast incident response.

• 44% said lack of automation delayed detection and remediation.

“Email security is no longer just about stopping spam or mass phishing — it’s about preventing the first domino from falling in a cyberthreat chain that could end in operational paralysis, data loss, reputational damage, and long-term business impact,” said Neal Bradbury, Chief Product Officer, Barracuda Networks.

“Responding quickly and effectively to email breaches is critical to overall cyber resilience. Yet, detection and containment are often hampered by complex and evasive attacks, internal skills shortages, and a lack of automation. A unified, integrated security platform is essential to protect modern organisations at scale.”

The report underscores that email remains the top attack vector for cybercriminals, serving as the gateway to ransomware, credential theft, and business email compromise. As threat actors leverage AI to craft more convincing and evasive attacks, enterprises must strengthen incident response automation, cross-platform visibility, and integrated threat detection to minimise risk and reduce recovery costs.

Read More:

How AI Is empowering SMBs to redefine customer experience

How enterprise cloud is transforming in India with AI-native innovation?

DEP’s Basant Sharma: AI and Digital Twins will define India’s next wave of manufacturing

AISIE applauds DGTR’s Anti-Dumping move on toner cartridge imports