Mimecast's The State of Email Security, published in 2018 states that, "Cyberattackers from all over the world are targeting organizations, like yours." and that almost 60% of organizations will suffer from the effects of a malicious attack or loss of information this year!
Email security, like any form of virtual or physical security starts at the top. A top-level acceptance of rick, mitigation, planning procedure and action is the only way that you can beat the odds. Don't be in the majority, be ready!