A survey of 2,000 senior security decision-makers published this week finds more than three quarters (78%) work for organizations that experienced an email security breach in the past 12 months.

Conducted by the market research firm Vanson Bourne on behalf of Barracuda Networks, the survey also finds that on average the cost of recovering from a single email security breach is $217,068.

The survey also notes that organizations that require more than nine hours to remediate these breaches are also 79% more likely to be victimized by ransomware. Only half of respondents (50%) said they are able to detect an email breach in less than an hour, with 47% noting advanced evasion techniques are the main obstacle to rapid incident response.

A total of 44% also admitted a lack of automated incident response capabilities hampers their ability to detect, contain and remove threats.

Olesia Klevchuk, director of product marketing for Barracuda Networks, said in the age of artificial intelligence the cost of launching email attacks continues to decline. As a result, email attacks are increasing in both volume and sophistication, she adds.

Additionally, cybercriminals are also launching multi-channel attacks that, in addition to email, include messages sent via other types of messaging platforms, noted Klevchuk. Many of those attacks also now include deepfakes created using AI technologies that are crafted to create a sense of urgency that requires some type of immediate action, making it possible for malware to be injected into an IT environment, she added.

End users should also be trained to be more wary of unexpected messages sent from sources they don’t recognize, noted Klevchuk.

Ultimately, the only way to effectively thwart these attacks is to rely more on AI and other forms of automation to essentially fight fire with fire, she added. Like it or not, organizations are now locked in an AI arms race with adversaries, said Klevchuk.

It’s not clear to what degree cybersecurity teams are embracing AI given costs and budget constraints, but at this point it’s more a question of how much they’ll do so. AI, for example, makes it possible to correlate the source of an email to help validate it before it ever arrives in the inbox of an end user, noted Klevchuk.

Hopefully, the pace at which cybersecurity teams are able to successfully leverage AI to level a decidedly uneven playing field will only continue to accelerate. The simple fact is that the speed at which cyberattacks are simultaneously being launched is overwhelming the ability of understaffed cybersecurity teams to respond without help from AI. In fact, AI should help reduce the level of burnout that those teams experience when investigating email threats day in and day out.

Regardless of how many attacks are launched, the one thing that is certain is that email will continue to be a primary vector. The challenge, as always, is finding a way to secure messages in an era where the number of malicious actors trying to compromise IT environments only continues to expand.