Cloudflare Reports Over 5% of Global Emails Are Malicious in 2025

Cloudflare’s recent report reveals that more than 5% of global email traffic in 2025 is classified as malicious, highlighting a significant escalation in cyber threats targeting individuals and organizations worldwide. This finding underscores the evolving tactics of attackers and the urgent need for advanced detection technologies in an increasingly interconnected digital environment.

What happened

Cloudflare, a major internet infrastructure and security provider, analyzed its internet traffic monitoring and security analytics data to determine that over 5% of emails circulating globally in 2025 are malicious. This figure encompasses emails involved in phishing, malware distribution, and business email compromise schemes. These findings were reported publicly and corroborated by other cybersecurity entities.

Supporting this trend, independent cybersecurity firm Proofpoint documented a roughly 30% year-over-year increase in phishing attacks in its 2025 Email Fraud Landscape report. Proofpoint highlighted that email remains the primary vector for ransomware deployment and credential theft campaigns. Meanwhile, the Anti-Phishing Working Group (APWG) noted a rise not only in volume but also in the sophistication of phishing attacks during 2024 and into 2025, with attackers increasingly employing AI-generated content to evade traditional filtering mechanisms.

In response to these growing threats, industry analysts such as Gartner emphasize the adoption of emerging detection technologies. These include AI and machine learning-based email filters, behavioral analytics, and zero-trust email security frameworks designed to improve detection accuracy by reducing false positives and identifying novel attack patterns. However, the data underpinning Cloudflare’s report derives from its own traffic monitoring and may not uniformly represent the entire global email ecosystem.

Why this matters

The finding that over 5% of emails are malicious signals a significant shift in the cyber threat landscape, reflecting more advanced and adaptive tactics by threat actors. The increase in phishing and malware campaigns illustrates how attackers exploit email as a persistent and effective attack vector. This has wide-ranging implications for businesses, governments, and individuals who rely heavily on email for communication and operational continuity.

The growing use of AI by attackers to craft more convincing and evasive phishing emails complicates detection efforts, requiring defenders to also employ AI-driven solutions that analyze behavioral and contextual signals rather than relying solely on static indicators. This arms race between attackers and defenders is occurring against a backdrop of an increasingly interconnected digital environment, characterized by widespread remote work, cloud services, and complex supply chains, all of which expand the attack surface.

From a market and policy perspective, the escalation in malicious email prevalence underscores the critical need for integrated, multi-layered email security strategies. These strategies combine endpoint protection, network security, and identity management to mitigate risks effectively. The trend also highlights the growing importance of cybersecurity investments and regulatory frameworks that promote resilience and information sharing across sectors.

What remains unclear

Despite the available data, several key questions remain unanswered. The proportion of detected malicious emails that lead to successful compromises or breaches is not provided by Cloudflare or other referenced sources, leaving the real-world impact on security outcomes uncertain. Additionally, the effectiveness of current AI and machine learning-based detection tools in operational environments—particularly their ability to balance false positives and false negatives—has not been quantified.

Details on the specific breakdown of malicious email types within the reported 5% figure—such as the relative shares of phishing, malware, and business email compromise—are also absent. Furthermore, emerging tactics beyond traditional phishing, including the use of deepfake audio or video linked from emails and AI-driven social engineering, are noted as areas of concern but lack detailed data or analysis in the sources.

Regional variations in email infrastructure and security maturity, which could affect both the prevalence of malicious emails and the efficacy of mitigation measures, are not addressed. There is also no information on how evolving regulations or standards are influencing email security practices globally.

What to watch next

• Further disclosures on the success rates of malicious email campaigns in causing security breaches or data loss.
• Updates from cybersecurity firms and industry analysts on the adoption and real-world performance of AI/ML-based email security tools.
• Research or reporting on new attack vectors leveraging AI-generated content, deepfakes, or other novel social engineering techniques.
• Regional studies examining differences in email threat prevalence and mitigation effectiveness across varied infrastructure and regulatory environments.
• Regulatory developments or standards initiatives aimed at strengthening email security and incident reporting requirements.

The rise to over 5% malicious email prevalence in 2025 reflects a dynamic and escalating cyber threat environment. While detection technologies are advancing, significant gaps remain in understanding the full impact of these threats and the effectiveness of current defenses. Continued transparency, data sharing, and innovation will be essential to address these challenges in an increasingly digital and interconnected world.

Source: https://cointelegraph.com/news/over-1-in-20-emails-are-malicious-warns-internet-giant-cloudflare?utm_source=rss_feed&utm_medium=rss&utm_campaign=rss_partner_inbound. This article is based on verified research material available at the time of writing. Where information is limited or unavailable, this is stated explicitly.