Barracuda Research Reveals How Email Attacks are Evolving and Who is Being Targeted the Most

New report shows that all employees, not just top executives, need to be prepared for spear-phishing attacks.

Barracuda, a trusted partner and leading provider of cloud-enabled security solutions, today released key findings about the way spear phishing attacks are evolving and who cybercriminals are targeting with these attacks. The report, titled Spear Phishing: Top Threats and Trends Vol. 6 – Insights into attackers’ evolving tactics and who they’re targeting, reveals fresh insights into recent trends in spear-phishing attacks and what you can do to protect your business.

Read the full report:

The report examines current trends in spear phishing, which employees are being targeted the most by different attacks, and the new tricks attackers are using to sneak past victims’ defenses. It also tackles the best practices and technology that organizations should be using to defend against these types of attacks.

A Closer Look at Attack Trends

Between May 2020 and June 2021, Barracuda researchers analyzed more than 12 million spear phishing and social engineering attacks impacting more than 3 million mailboxes at over 17,000 organizations. Here are some of the key takeaways from their analysis:

  • 1 in 10 social engineering attacks are business email compromise.
  • 43% of phishing attacks impersonate Microsoft.
  • An average organization is targeted by over 700 social engineering attacks each year.
  • 77% of BEC attacks target employees outside of financial and executive roles.
  • An average CEO will receive 57 targeted phishing attacks in a year.
  • 1 in 5 BEC attacks target employees in sales roles.
  • IT staffers receive an average of 40 targeted phishing attacks in a year.

“Cybercriminals are getting sneakier about who they target with their attacks, often targeting employees outside the finance and executive teams, looking for a weak link in your organization,” said Don MacLennan, SVP, Engineering & Product Management, Email Protection, Barracuda. “Targeting lower-level employees offers them a way to get in the door and then work their way up to higher-value targets. That’s why it’s important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked.”


Download the full report:

Read Vol. 1 – Best practices to defeat evolving attacks:

Read Vol. 2 – Email account takeover and defending against lateral phishing attacks:

Read Vol. 3 – Defending against business email compromise attacks:

Read Vol. 4 – Insights into attacker activity in compromised email accounts:

Read Vol. 5 – Best practices to defend against evolving attacks:

Read the e-book: 13 Email Threat Types to Know About Right Now:


About Barracuda  

At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organizations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit

Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S. and other countries.