A shocking 93% of companies surveyed suffered data breaches through outbound email in the last 12 months, according to a study from security firm Egress, conducted by Arlington Research.
Email data breaches occurred roughly every 12 working hours, the study notes.
Companies report that the most common breaches occurred when people were replying to spear-phishing
emails (80%) and emails sent to the wrong recipients (80%) and when there were incorrect file attachments (80%).
In addition, 94% say their outbound email volume has increased during COVID-19.
And 68% report increases of between 26 and 75%.
Another 70% believe remote working from home increases the risk of outbound email data breaches and of sensitive data being
exposed.
The most serious incidents were due to "an employee being tired or stressed." The second most-cited cause was remote working.
In 46% of the cases, employees
received a formal warning, and in 27% of the breaches, they were fired. Legal action was brought against them 28% of the time.
Financial damages resulted in 33% of the events, and
investigation by a regulatory body in 25%.
Of the firms polled, 62% rely on people-led reporting to identify outbound email breaches.
Of those surveyed, 16% have no technology in
place to protect data shared by outbound email. Of those with tools, 38% have Data Loss Prevention (DLP) tools, 44% have message level encryption and 45% have password protection for sensitive
documents.
However, in one third of the cases, employees failed to make use of the technology.
"This problem is only going to get worse with increased remote working and
higher email volumes creating prime conditions for outbound email data breaches of a type that traditional DLP tools simply cannot handle,” states Egress CEO Tony Pepper.
Arlington
Research interviewed 538 senior managers responsible for IT security in the UK and U.S.