Most Data Loss Occurs Via Email, Study Says

Email is the source of most security problems within companies, judging by the Egress Data Loss Prevention Report 2021.  

Of the IT leaders polled, 83% have suffered an email data breach within the last 12 months, and 92% of their firms have suffered negative impacts from the episode.

And 95% of organizations have experienced some form of data loss in the last year.  

Who is to blame? Of all the incidents, many resulted from an employee sharing data in error or deliberately:  

  • Shared in error — 24%
  • Intentionally leaked — 24% 
  • External attack — 30%
  • Third-party supplier security — 18%

Here’s another possible factor: 59% of IT leaders report an increase in email data loss due to the COVID-19 pandemic. And 73% of employees feel worse because of the pandemic. 

The study cites an “under-pressure workforce that is contributing to higher risk of data loss through the channels they rely on when working remotely.” 

Email wasn’t the only culprit: Message apps including Teams and SMS caused problems for 77%, while 79% saw data loss arising from their network — i.e, from malware initiated by third parties.

Removable media such as USBs, CDs and DVDs caused problems for 72%, and physical copies going astray were to blame in 76% of firms. 

Overall, each respondent identified an average of 927 incidents across all channels per year. This translates to 3.5 cases of potential data loss per working day. And each email breach incident takes roughly 60 hours to resolve.  

The impacts are severe:

  • Litigation by data subjects — 29% 
  • Regulatory fine — 30% 
  • Damaged business reputation — 37%
  • Client churn — 38% 
  • Internal remediation and investigation — 40%

In addition, 41% say their own firm’s data is most at risk, and 23% say the same about client data. And 31% say both are prone to exposure.

In many cases, static tools play a role — 79% say they are experiencing problems using static DLP tools. And 42% say half of all incidents will not be detected by their DLP technology. 

The study takes a shot at Microsoft in this regard, saying, “The integrated email DLP security in Microsoft is built using static rules, and consequently cannot identify incidents that arise from employee behavior.”





Next story loading loading..