Most Firms Suffer Outbound Email Data Breaches: Study

A shocking 93% of companies surveyed suffered data breaches through outbound email in the last 12 months, according to a study from security firm Egress, conducted by Arlington Research.

Email data breaches occurred roughly every 12 working hours, the study notes. 

Companies report that the most common breaches occurred when people were replying to spear-phishing emails (80%) and emails sent to the wrong recipients (80%) and when there were incorrect file attachments (80%).

In addition, 94% say their outbound email volume has increased during COVID-19. And 68% report increases of between 26 and 75%. 

Another 70% believe remote working from home increases the risk of outbound email data breaches and of sensitive data being exposed. 

The most serious incidents were due to "an employee being tired or stressed." The second most-cited cause was remote working. 

In 46% of the cases, employees received a formal warning, and in 27% of the breaches, they were fired. Legal action was brought against them 28% of the time.

Financial damages resulted in 33% of the events, and investigation by a regulatory body in 25%. 

Of the firms polled, 62% rely on people-led reporting to identify outbound email breaches.

Of those surveyed, 16% have no technology in place to protect data shared by outbound email. Of those with tools, 38% have Data Loss Prevention (DLP) tools, 44% have message level encryption and 45% have password protection for sensitive documents. 

However, in one third of the cases, employees failed to make use of the technology. 

"This problem is only going to get worse with increased remote working and higher email volumes creating prime conditions for outbound email data breaches of a type that traditional DLP tools simply cannot handle,” states Egress CEO Tony Pepper. 

Arlington Research interviewed 538 senior managers responsible for IT security in the UK and U.S. 


1 comment about "Most Firms Suffer Outbound Email Data Breaches: Study".
Check to receive email when comments are posted.
  1. Craig Mcdaniel from Sweepstakes Today LLC, September 21, 2020 at 9:03 p.m.

    I have seen a massive increase in the number of fake advertising emails being sent. I suggested some time ago that to slow down scam email is to attack this at the domain and hosting level. Specifically to change the ICANN rules to allow the USA and any other country to charge a a small fee for each email address per year. ICANN does nothing in the way of email security either through the servers, IP Addresses or hosting. I would propose $1.00 fee paid back to each country in exchange to have the email address verified. Maybe someone else has a better idea but this starts with out of the thinking to solve these sets of problems with email. 

Next story loading loading..