How many employees have to get phished before they take action? How much ransomware has to be paid before they take action? How many personal records have to be stolen before they take action? What will it take for email security service providers to install phishing protection technology and protect their customers? Apparently they haven’t hit the limit yet because the one thing we know for sure is that they aren’t doing a very good job of it.

Research conducted by academics at Plymouth’s Centre for Security, Communications and Network (CSCAN) discovered that up to 75% of “the potential phishing messages made it into inboxes and were not in any way labelled to highlight them as spam or suspicious. Moreover, only 6% of messages were explicitly labelled as malicious.”

Why does this number reflect so poorly on the email service providers? Because the researchers used “email content obtained from archives of reported phishing attacks.” That’s right! They used known phishing emails that had already been circulated and the email service providers found 6 out of 100.

We’re not talking about zero-day exploits—phishing tactics that have never been seen before. The most basic phishing filters would have discovered these, which seems to imply that the email service providers aren’t doing any phishing filtering at all.

According to Professor Steven Furnell, leader of CSCAN, “The poor performance of most providers implies they either do not employ filtering based on language content, or that it is inadequate to protect users.”

Phishing attacks are on the rise. Phishing attacks are the cause of most cybersecurity breaches. No matter how much employee training there is, some employees will click on malicious links. And now we know that when it comes to phishing protection, email service provider offer little in the way of protection. The bottom line is companies are on their own.

If you want to protect your company from phishing attacks that lead to cyber breaches, you’re going to have to take matters into your own hands and deploy your own phishing prevention technology. One of the best ways to do that is with Phish Protection.

Phish Protection, cloud-based email security service with real-time link protection, is designed to do one thing really well: keep phishing emails OUT of the inbox. The exact thing email service providers have chosen not to do.

Phish Protection works with all email platforms including Office 365. It protects all devices, sets up in minutes and only costs pennies a day per employee.

You may not be able to convince your email service provider to install anti-phishing technology, but that doesn’t mean you can’t protect your employees from phishing. Try Phish Protection for free for 30 days.