Email Is Our Most Important Means of Communication

Email is increasingly being used as the primary means of communication, both privately and professionally. This increases the importance of email infrastructure. For this reason, it is crucial that we, as a ‘cybernation’, make email infrastructure more secure in order to automatically prevent the ever-increasing number of dangerous attacks.

There are various studies with different perspectives on the use of email. Here are a few figures: In 2024, approximately 360 billion emails were sent daily by more than 4.5 billion email users worldwide. In Germany, 86 per cent of the population currently uses email. On average, Germans receive around 40 work-related emails per day – one in twelve even receives over 100 emails daily. On average, around 50 per cent of emails received are not only unwanted but also pose a threat, for example, spam emails or phishing emails containing malware.

In recent years, new communication systems with enhanced features and functions have become established, including chat systems such as WhatsApp, Telegram, and Slack, as well as collaboration systems such as Microsoft Teams and Trello.

Nevertheless, email usage has grown on average by 4.3 per cent in recent years, and the same is predicted for the coming years.

Why does email communication remain so important alongside the new communication systems?

Email communication is part of our everyday lives, not least because the email infrastructure allows us to conveniently handle many important processes, such as sending invoices.

The advantages of email are ease of use, low cost, and immediate delivery. The most important aspects that make email so successful are that email communication is globally standardized on the Internet, the email communication system consists of a decentralized infrastructure, and can, therefore, be operated independently by any company, which means that it cannot be controlled by a monopoly. For this reason, email communication is widely accepted around the world.

When emails are stored in a structured manner in user-defined folders, a valuable knowledge database is created in which useful information can be found at any time. (Audit-proof) archiving ensures that emails and their contents are highly available. In addition, emails are considered legally binding communication in some important fields. Sending invoices exclusively by email is an important example.

Problems with email communication

Thanks to the use of modern AI systems, attackers are increasingly sending automated phishing emails that not only sound authentic, but whose content is perfectly tailored to the recipient. This means that users are no longer able to consistently identify fraudulent emails as such.

Phishing emails containing malware are usually just the starting point for larger attacks such as ransomware attacks. For this reason, attacks involving phishing emails account for more than 90 per cent of attacks on companies.

Working together for greater email security

Due to the increasing importance of email and the more sophisticated attacks via email, all stakeholders – including companies, email providers and hosters with email offerings – must work together to prevent the email ecosystem from being negatively impacted. Raising user awareness, which is an otherwise proven measure, will not have the desired effect due to the attackers' approach described above. For this reason, we need additional layers of protection for our email communication.

The joint implementation of a secure email infrastructure allows email rules to be changed upon acceptance in such a way that a large number of attack attempts can be automatically repelled.

This works particularly well when all senders and recipients adhere to a common email security standard.

Then all stakeholders are able to adapt their filter rules and automatically create significantly more IT security for their important email communication.

This also gives us significantly more security for our business-critical email communication.

Instead of isolated solutions, everyone relies on common standards such as the BSI Technical Guidelines (BSI-TR-03182 and TR-3108) with established protocols such as SPF, DKIM and DMARC, as well as DNSSEC and DANA. These standards not only enable reliable authentication of our emails, but also automated detection of fraud attempts. The advantage of these standardized approaches lies in their broad support: they work independently of manufacturers and are compatible with all other email systems. This reduces the burden on company employees and private individuals.

Cost-benefit perspective

The implementation costs of these security technologies are predictable, while the costs of a security incident can be unpredictable and potentially existential. This fits in with the risk management strategy of modern companies: known, controllable costs today versus unknown, uncontrollable risks tomorrow.

Connectivity to further digitalization steps

Investing in secure email communication creates a solid foundation for further digitalization initiatives. With a secure digital identity, we are laying the foundation for future digital innovations together, whether electronic contracts, digital signatures, or secure customer portals.

Norbert Pohlmann is a Professor of Computer Science in the field of cybersecurity and is Managing Director of the Institute for Internet Security - if(is) at the Westphalian University of Applied Sciences in Gelsenkirchen, Germany. He is also Chair of the Board of the German IT Security Association TeleTrusT, and Board Member for IT Security at eco – Association of the Internet Industry.