By the Numbers: The Real ROI of Replacing a SEG with Abnormal

Legacy secure email gateways (SEGs) were built for a different era—one dominated by spam and known malware. But today, organizations face more complex, socially-engineered threats like business email compromise (BEC), credential phishing, and AI-generated attacks that are specifically designed to evade traditional defenses.

To understand the real-world impact of moving away from SEGs, Abnormal commissioned independent research from the AimPoint Group. The study surveyed and interviewed cybersecurity leaders from enterprises that fully removed their SEG after adopting the Abnormal platform.

Here’s what they had to say.

SEGs require constant hands-on maintenance—safelists, blocklists, custom rules, keyword tuning, and frequent policy exceptions. According to the study, organizations using SEGs needed 1.4 full-time employees per 1,000 mailboxes to handle administration. After switching to Abnormal, that dropped to 0.6 FTEs, a 59% reduction.

Abnormal’s behavioral AI continuously analyzes identity, context, and communication patterns to detect anomalies—removing the need for rigid rule management.

User-reported phishing emails often flood security teams. With a SEG, the average organization spent over 5.6 hours per week per 1,000 mailboxes reviewing and responding to these reports.

Abnormal reduced both the volume of reported messages and the time spent investigating each one. The result? A 91% decrease in time spent on user-reported emails, translating to $17,074 in annual savings per 1,000 mailboxes.

SEGs generated a high number of false positives—41% of all alert investigations on average. Abnormal brought that number down to just 8%, slashing time spent chasing harmless alerts by 92% and saving $993 per 100 alerts investigated.

This not only reduces burnout but frees up analysts to focus on real threats.

“We hardly had time or the right tools to investigate emails. Now we have that time—and the assistance of Abnormal.”
— Senior Director of Corporate Security Operations

SEGs do little to help employees manage graymail—the marketing emails and newsletters that clutter inboxes. According to the study, this costs organizations 70.4 hours per day per 1,000 employees, or $703,513 annually in lost productivity.

Abnormal’s AI learns each user’s behavior and filters out low-value messages automatically, giving time back to every employee—not just the security team.

Replacing the SEG didn’t mean cutting jobs. Only 6% of organizations used time savings to reduce headcount. Most reassigned team members to strategic initiatives like mobile security, threat analysis, and policy development.

“Nobody wants to manage a SEG. We took the people who had been doing that and created a new team for mobile security. They loved the change.”
— Director of Information Security, Fortune 500 Retail Company

As threats evolve and security teams face mounting pressure to do more with less, the benefits of replacing a SEG with Abnormal are clear. Organizations gain stronger protection, streamlined operations, and measurable ROI in just weeks.

Running a proof of concept—while still keeping your SEG in place—can immediately reveal which threats are slipping through. And once you see the results, the case for full replacement becomes undeniable.

Learn more about the ROI of replacing your SEG in the full report.