The Cybersecurity Report from Hornetsecurity even classifies 2.3 percent of the content as malicious. The biggest threat continues to be phishing.
A third (36.9 percent) of all emails received by companies in 2024 were unwanted. This is a result of the renowned cybersecurity report from Hornetsecurity. Of these, 2.3 percent contained malicious content, equivalent to 427.8 million emails.
Phishing was once again the most common form of attack. It was responsible for a third of all cyberattacks in 2024, which Hornetsecurity found when analyzing 55.6 billion emails. This result shows that phishing remains one of the main problems and is dying out year after year. In 2024, 22.7 percent of cases were due to malicious URLs and 6.4 percent of cases were due to advance payment fraud.
Almost every malicious file type suffered a decline compared to last year, although HTML files (20.4 percent), PDFs (19.2 percent) and archive files (17.6 percent) remained in the top three spots and have done so consistently since 2023 .
Furthermore, data shows that the use of malicious attachments is declining. This is due to an increase in reverse proxy attacks last year. According to Hornetsecurity, these use social engineering and malicious links (not attachments) to trick users and steal login credentials. These attacks redirect users to fake login pages that collect data in real time and even bypass two-factor authentication. With a share of 22.7 percent, malicious URLs were the second most common type of attack. Their use rose sharply in 2023 – and the trend continues to rise as attackers use them to steal access data. Tools like Evilginx are used.
“The results of our current cybersecurity report show both the new and the progress in the fight against cyber threats,” said Daniel Hofmann, CEO of Hornetsecurity. “On the one hand, it is encouraging to see a certain consistency in attack methods. On the other hand, we are also seeing a shift towards targeted social engineering tactics. This means that companies must remain vigilant in their protective measures.”
The fact that more than 427 million malicious emails still end up in inboxes shows that companies need to evolve their cybersecurity strategies. “This is the only way they can stay one step ahead of increasingly sophisticated threats.” “The data from the 2025 Cybersecurity Report underscores the urgency of improving email security while raising user awareness to ensure the security of the company.” , added Hofmann.
