A commissioned study conducted by Forrester Consulting on behalf of Tessian in July 2022 reveals that a composite enterprise of 10,000 protected inboxes saw 268% Return On Investment (ROI) over three years after deploying Tessian. This amounts to over 29,600 labor hours saved.
In addition to the significant time savings, the benefit of having Tessian deployed focused on reducing email security risk against advanced email threats, as well as preventing email data loss. Additional key benefits included quantifiable improvements to the security culture of customer organizations, leading to lower click-through-rates and a greater awareness of the cyber risks posed on email.
Tessian commissioned Forrester Consulting to conduct a Total Economic Impact™ study to examine the ROI that a composite enterprise realized by deploying Tessian over a 3 year period. The value of having Tessian deployed was distributed accordingly:
• Savings of $3.1 million due to inbound email threat prevention, including against advanced malicious emails that upstream solutions failed to detect.
• Savings of $2.6 million from preventing email data loss incidents thanks to Tessian’s advanced email data loss protection capability.
• $2.9 million in savings from preventing accidental email from being sent – this includes preventing misdirected and miss-attached emails from being sent.
For modeling purposes Forrester Consulting used full Tessian Platform implementation for a 10,000 end-user enterprise. The study found total benefits of $8.6m, a net present value (NPV) of $6.2m, and an ROI of 268%.
Risk Reduction
Email remains the preferred delivery mechanism for devastating malware attacks, including ransomware. The FBI notes in its latest IC3 report that Business Email Compromise (BEC) has led to losses of $43 billion in the past 5 years, with 65% of these losses occurring in the period 2019 to 2021.
According to the study, this is supported by Forrester’s own research, finding that email-based phishing attacks are playing an increasingly prominent role in security breaches, rising from 23% in 2020 to 31% in 2021. This represents a 35% year-over-year increase. Of concern are the increasing sophistication of BEC, account takeover attacks (ATO), and the devastating impact that insider threats pose, particularly from a data breach perspective.
An information gap that Forrester Consulting identified in the study is the lack of research available and awareness surrounding email data loss. This was mirrored both in published research and in the enterprise. Only after deploying Tessian, did customers realize the magnitude of the data loss risk they faced.
Challenges before Tessian
Some of the key email security challenges prior to interviewed organizations choosing Tessian, included:
• A lack of detection and prevention capability of existing email security tools against advanced threats. Interviewees noted that advanced email threats are becoming more prevalent and more targeted at senior executives.
• Previous email security tools had limited or no email data loss capabilities. Due to the sensitive nature of data processed by the interviewees’ organizations, they could no longer take the risk of not addressing email data loss risk arising from either exfiltration and misdirected emails.
• Existing email security solutions that relied on rule-based policies resulted in excessive and disruptive banner warnings without context and didn’t offer protection. In this noisy environment every email had to be treated as a threat, the organizations had no trust in the security efficacy of their existing email security solutions.
“Our phishing attack rate had gone up almost 250% in six months… We were seeing a highly targeted set of phishing campaigns. We just continued to see an increase and they were getting past the [existing] filtering and they were unfortunately gathering people’s credentials.”
Assistant director of information security, healthcare
Solution Requirements
Prior to choosing Tessian, the features interviewees wanted in an advanced email security solution included:
• Definitive and demonstrable AI and ML capabilities.
• High-quality and actionable alerts.
• Advanced protection capabilities for inbound as well as outbound email.
• API-based integrations into the existing security stack and email environments.
• Fast deployment and low management overhead.
• Ability to scale as well as providing a flexible and strategic partnership.
Impact of Tessian
The enterprise organizations that Forrester evaluated found Tessian delivered the following:
• Halving the phishing rate for a large healthcare enterprise, while also reducing the time to diagnose and respond to phishing campaigns from 8.5 hours down to 5 hours.
• Blocking 143 malicious emails in 1 month for a financial services company, and significantly reducing the click-through-rate while improving the security awareness of employees to better identify malicious emails.
• Detecting and preventing 901 malicious emails in one month at another financial services company that had gone undetected by other upstream email security tools.
“Our [other security tools] are nowhere near as good at identifying phishing emails, fraud, or impersonation as Tessian…. and Tessian is highlighting them for users.
”
information security manager, professional services
For data exfiltration, Tessian had the following impact:
• Detected and enabled fast and effective protection and response against data exfiltration attempts for a healthcare enterprise.
• Enabled a culture shift in the professional services company, reducing data exfiltration over email due to the proactive warnings provided by Tessian.
“[Data exfiltration] was an issue we didn’t know [we had], Tessian showed us, and we’re able to figure out how to close that compliance gap quickly.”
Assistant Director of information security, healthcare
For misdirected emails Tessian had the following impact:
• 270 instances of accidental data loss in 90 days were prevented for a professional services firm.
• 243 misdirected emails and 9 incorrect attachments were detected in one month at a financial services firm.
• Significant reduction in misdirected emails at a healthcare company with the director of information security citing an overall improvement of security awareness among end-users, evidenced by fewer accidental data loss instances every month.
Additional benefits
Better security decision-making: The Forrester study also found there was better end-user security decision-making due to contextual prompts end-users receive in real time on likely malicious emails. Security administrators also leveraged the improved risk analytics to better understand how email security risk is trending in their environment.
Greater investigation efficiency and ability to demonstrate ROI to leadership: Another key benefit realized was significantly faster investigations of email security incidents, as well as a low effort in communicating the ROI of Tessian and how it is reducing email risk to the executive leadership.
Enhanced end-user experience: The user experience and positive feedback from end-users of Tessian were among the notable findings. The positive feedback was tied to the fact that Tessian makes end-users feel more secure and confident on email. This was in large part due to the context driven alerts on likely malicious emails, as well Tessian’s ability to prevent email mistakes from happening.
Improved security culture: The impact Tessian was having on improving the security culture across the organizations interviewed was significant, with one of the interviewees sharing that thanks to Tessian, their latest phishing-prone score was 10% lower than the industry benchmark.
“Tessian makes the difference by delivering value for the company that we can prove. It is really hard to show strategic value for information security, but Tessian is easy to explain and show.”
CIO, professional services
Tessian for advanced email ecosystem protection
Although there are numerous cloud email security solutions on the market today, only Tessian offers the most comprehensive cloud email security protection available. Thanks to our machine learning powered behavioral detection and cloud email security platform approach, Tessian offers protection against advanced email threats as well as prevents email data loss.
Combined with in-the-moment security awareness coaching, the easy ability to demonstrate ROI, and the strategic and flexible nature of our customer partnerships, leads Tessian to be among the most liked security tools by security leaders and end-users alike.
Want more information on how Tessian can protect your organization? Book a call with one of the team below or try our free email threat assessment.
To see how the Tessian Intelligent Cloud Email Security platform prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.
For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Negin Aminian
Senior Product Marketing Manager