Barracuda Networks has released new research showing that organizations taking more than nine hours to respond to an email security breach have a 79% likelihood of also falling victim to ransomware.

The Email Security Breach Report 2025 found that 78% of surveyed organizations experienced at least one email breach in the past year, with the average cost of recovery reaching $217,068.

The research shows that smaller companies face a greater financial burden per employee. Businesses with 50 to 100 employees reported an average cost of $1,946 per person, compared to $243 per employee for larger organizations with 1,000 to 2,000 staff.

Only half of respondents said they detected a breach within one hour. Those taking nine hours or more to contain and fix an incident were nearly eight times more likely to suffer a ransomware attack.

In addition to direct financial losses, 41% of organizations reported reputational damage, and many said they lost new business opportunities as a result of breaches.

Respondents cited several obstacles to quickly identifying and removing threats, including advanced evasion techniques (47%), a lack of automated incident response tools (44%), and ongoing cybersecurity skills shortages.

“Email security is no longer just about stopping spam or mass phishing — it’s about preventing the first domino from falling in a cyberthreat chain that could end in operational paralysis, data loss, reputational damage and longer-term business impacts,” said Neal Bradbury, chief product officer at Barracuda. “Responding quickly and effectively to email breaches is critical to overall cyber resilience.”

The findings are based on a global survey conducted by Vanson Bourne on behalf of Barracuda. The research included 2,000 IT and security decision-makers from organizations with 50 to 2,000 employees across the U.S., Europe and Asia-Pacific.