← All topics
Cyber-insurance readiness

Email Security

Filtering and inbound controls on the primary attack vector.

Why it matters

The large majority of attacks start in the inbox; inbound controls stop most before a click.

What strong practice looks like

Email filtering / secure gateway and inbound screening controls.

What this area covers

Is email filtering or a Secure Email Gateway in place?

Email security is the protection that filters dangerous email before it reaches your team — blocking spam, malicious attachments, and fake “phishing” messages designed to trick someone into clicking a bad link or handing over a password. It’s often built into your email provider (Microsoft 365, Google Workspace) or added as a separate service (a “secure email gateway”).

Carriers ask because email is the number-one way attackers get in — most breaches start with a single bad email someone clicked.

CISA — Recognize and Report Phishing ↗ — what good looks like

Also covered in this area

  • Email security product / vendor (if any)
  • Which inbound controls are enabled?

This library is general education, not advice about your specific organization. It describes what each control is and what strong practice looks like; whether and how any of it applies to you is your decision, in consultation with your carrier, broker, or counsel.