Reviewing Latest Email Security Threats

Forrester TEI Study: Health System Saves $2M via Reduced Risk and Streamlined Operations with Proofpoint Email Security

November 26, 2019
Sara Pan

Forrester, a leading analyst firm, recently conducted a Total Economic Impact (TEI) study and examined the potential return on investment (ROI) enterprises realize by implementing Proofpoint’s email security solution. Forrester summarized that the net benefit for this customer using Proofpoint email security solution was $1.7 million, with a 259% return on investment (ROI). The payback period (the breakeven point for the investment) was less than three months.

According to Forrester, email remains the top threat vector and a powerful tool for attackers. Research indicates that 94% of threats start with email. Moreover, 27% of external attacks where an enterprise was breached were carried out using stolen credentials – often beginning with a simple phishing email. On top of that, according to FBI, losses due to business email compromise (BEC) and email account compromise (EAC) scams have reached $26.2 billion worldwide.

Proofpoint provides an advanced email security solution that helps customers protect against these sophisticated attacks, including email fraud, spear phishing, and malware. To better quantify the results from an investment with Proofpoint, Forrester interviewed a long-time customer of ours who is a large, U.S.-based healthcare system. Prior to using Proofpoint, this organization used various vendors for email protection with limited success and relied on manual capabilities to protect against advanced attacks. This Forrester TEI study provides readers with a framework to evaluate the potential financial impact of Proofpoint's email security solution on their own organizations.

Forrester listed out the top three challenges the healthcare system set out to solve:

  • Limit user exposure to email attacks. The organization recognized that malicious email posed a severe threat to its large user base and that in general, targeted attacks had grown more focused on individuals than infrastructure.
  • More efficient compliance with regulations. Healthcare is one of the most highly regulated industries, and providers are held to stringent government standards regarding the maintenance and protection of patient data.
  • Easily scale email security operations. With security staffing resources at a premium, the organization wanted automated and cloud-based tools that could effortlessly scale with growing email usage and threats.

The study’s results were crystal clear. The organization successfully strengthened its email security posture, more efficiently complied with its regulatory regime via data loss prevention and encryption, and automated key email security-related functions.

In terms of its security posture, the organization saw tremendous effectiveness in blocking inbound threats, as well as detecting threats that become malicious post-delivery. In compliance terms, the organization can now monitor and control the flow of sensitive patient information and business-critical data with Proofpoint Data Loss Prevention (DLP). They also set and enforce stringent email encryption processes, meeting constantly changing data privacy and industry regulations. “We are able to adequately demonstrate through Proofpoint logs that almost all email gets sent and received as encrypted mail,” said the CTO of the organization.

Finally, the organization also significantly reduced the effort required to run email security operations. The solution allows them to set automated policies, rely on Proofpoint’s intelligent threat analysis, and painlessly remove malicious content if it’s detected post-delivery. With Proofpoint’s offering, the customer eliminated the need for full-time employee (FTE) assets to script malicious email extraction, monitor and manage gateway policies manually, and analyze and update blocked sender lists. This automation saved another $300,000 by avoiding additional headcount to manage email security. Some tasks, such as pulling malicious emails post-delivery, previously required manual work. The CTO stated: “If Proofpoint later determines that a link or an attachment is malicious, that it had a timebomb in it, we can go and remove that from our mailboxes. That’s a very cool capability.”

Forrester utilized a risk-adjusted financial model to evaluate the financial impact of Proofpoint email security solution on its customer. Forrester then concluded that Proofpoint helped this large healthcare organization save $2 million by preventing both major data breaches and data loss via email.

To learn about the cost savings and the business benefits of Proofpoint email security, please download the Forrester Total Economic Impact whitepaper.