Researchers analyzed threat patterns and response practices across 3500 organizations. An average organization with 1100 users will experience around 15 email security incidents per month. 3% of employees will click on a link in a malicious email, exposing the entire organization to attackers. Two-thirds of the malicious emails which landed in employees inbox were discovered through internal threat hunting investigations launched by the IT team. Another 24% of incidents were created from user-reported emails, 8.1% were discovered using community-sourced threat intelligence, and 0.4% through automated or previously remediated incidents.
Source: https://www.helpnetsecurity.com/2021/06/04/malicious-email-inbox/