IRONSCALES Research Exposes Critical Failures in Secure Email Gateways

New research report reveals SEGs are missing 67.5 phishing emails per 100 mailboxes monthly

IRONSCALES, the AI-powered email security leader protecting over 15,000 global customers from advanced phishing attacks, announced the release of a first-of-its-kind research report quantifying the real-world failure rates of Secure Email Gateways (SEGs). The whitepaper, The Hidden Gaps in SEG Protection, draws on data from 1,921 organizations of varying sizes across multiple industries, and reveals that legacy SEG solutions are consistently missing an average of 67.5 phishing emails per 100 mailboxes every month, despite being marketed as front-line defenses.

Unlike vendor-run simulations or static benchmarks, this analysis is based on actual phishing emails that bypassed SEG defenses and landed in user inboxes, only to be detected by the IRONSCALES email security platform, powered by Adaptive AI. The result: hard, empirical evidence of the widening protection gap, and the operational cost that comes with it.

“Security teams have been forced to operate on instinct and anecdote when it comes to SEG performance. This report replaces guesswork with data,” said Eyal Benishti, CEO of IRONSCALES. “It’s now clear that SEGs are routinely missing real-world threats, and that failure is draining time, budget, and resources.”

Marketing Technology Insights: NextGen Coding Launches Onshore Software Development Team

Key findings from the report include:

• High Miss Rates Across Vendors – SEG miss rates range from 38.4 to 101 phishing emails per 100 mailboxes monthly.
• Smaller Organizations Face Higher Risk – Organizations with fewer than 100 mailboxes experience up to 7.5x more missed phishing attacks than large enterprises. But even organizations with more than 7,500 mailboxes still see significant SEG failures, proving no company size is immune.
• Attackers Exploit Human Nature, Not Just Tech – Vendor scams and credential theft account for over 65% of missed phishing emails across SEGs—highlighting how rule-based systems struggle with socially engineered threats.
• Real Costs, Not Just Risk – Each missed phishing email costs an average of $36.29 to investigate and remediate and takes 27.5 minutes of analyst time.

The full report includes breakdowns of miss rates by SEG vendor, organization size, and attack type, offering a first-of-its-kind, data-driven look at how modern phishing attacks evade traditional filters.

Marketing Technology Insights: EventAware Tackles Headline Stress With AI Powered Event Summaries

The full findings also power the IRONSCALES new SEG Missed Phish Calculator, which allows organizations to estimate how many phishing emails their SEG is likely letting through, along with a breakdown of attack types most commonly missed for their specific size and SEG provider.

“The data validates what CISOs and security teams have known intuitively for years,” added Benishti. “Phishing threats have outpaced perimeter-based defenses. If your SEG is still your primary line of defense, you’re flying blind. And if SEGs are already struggling with socially engineered attacks, how will they handle the next wave of AI-generated phishing and deepfake-driven deception? Organizations need adaptive security that evolves with the threats they see.”

The report highlights the limitations of legacy email security tools and makes the case for a modern, adaptive approach, one that combines AI, behavioral analytics, and real-time human feedback to detect attacks SEGs miss. With inbox-level visibility and automated remediation, IRONSCALES empowers security teams to reduce alert fatigue, cut response times, and eliminate costly blind spots.

Marketing Technology Insights: Crunchbase Hires Ann Davis as Svp of Sales for AI Growth

Source – Businesswire

For media inquiries, you can write to our MarTech Newsroom at sudipto@intentamplify.com