UK government employees receive average of 2,246 malicious emails per year

Comparitech recently conducted a series of freedom-of-information requests, which found that UK government employees received an average of 2,246 malicious emails each in 2022. The results showed that, across 250 government organisations, Comparitech estimates that 2.16 million government employees received a total of 2.75 billion malicious emails in 2022.

The study also found that:

• Government employees received an average of 2,245.88 malicious emails each in 2022
• 250 government organisations received an estimated 2.75 billion malicious emails in 2022
• Each government employee received an average of 355.92 spoofing emails, 32.2 emails containing malware/viruses, 184.6 phishing emails, and 832.57 spam/junk emails
• An average of 0.04 percent of the malicious emails were opened by staff in 2022, meaning 1.1 million malicious emails were potentially opened by government staff
• Of those opened, 0.21 percent of these malicious emails resulted in staff members clicking on suspicious links = 2,311

Having conducted a similar study 2 years ago, Comparitech was able to conclude that 2021 saw a slightly higher rate of emails per government employee–2,399.

Unfortunately, this doesn’t necessarily mean governments are under any less of a threat. In fact, Comparitech previously looked at worldwide ransomware trends, which indicated, ransomware attacks on government departments have remained a consistent and dominant threat in recent years.

It’s also important to understand that the government departments with high volumes of malicious emails aren’t necessarily bigger targets for hackers or have “weaker” security systems. Rather, their IT systems may be doing a better job at filtering out malicious emails. Equally, IT systems may differ in their tracking and calculating of malicious email volumes, which impacted the results.

Government departments that received the most malicious emails were:

1. Government of Northern Ireland: 1.05bn malicious emails received by 24,324 employees = 43,003 emails per employee.
2. NHS England (which has recently merged with NHS Digital): 473.2m malicious emails received by 1,410,430 employees (the entire NHS staff force) = 336 emails per employee.
3. The British Council: 44.3m malicious emails received by 1,299 employees = 34,124 emails per employee.
4. Network Rail Limited: 25.4m malicious emails received by 44,010 employees = 578 emails per employee.