Egress Research Shows Employees are Causing Rising Breach Risk

Research released this week by Egress shows an alarming rate of data breaches affecting organisations in the UK and US. The report titled 2020 Outbound Email Data Breach Report, stated that 93% of IT leaders surveyed said that their organisation had suffered data breaches through outbound email in the last 12 months which equates to an email data breach happens approximately every 12 working hours!

Key insights from respondents include:

  • 93% had experienced data breaches via outbound email in the past 12 months
  • Organisations reported at least an average of 180 incidents per year when sensitive data was put at risk, equating to approximately one every 12 working hours
  • The most common breach types were replying to spear-phishing emails (80%); emails sent to the wrong recipients (80%); incorrect file attachments (80%)
  • 62% rely on people-led reporting to identify outbound email data breaches
  • 94% of surveyed organisations have seen outbound email volume increase during COVID-19. 68% say they have seen increases of between 26 and 75%
  • 70% believe that remote working raises the risk of sensitive data being put at risk from outbound email data breaches

Egress CEO Tony Pepper commented:

“Unfortunately, legacy email security tools and the native controls within email environments, such as Outlook for Microsoft 365, are unable to mitigate the outbound email security risks that modern organisations face today. They rely on static rules or user-led decisions and are unable to learn from individual employees’ behaviour patterns. This means they can’t detect any abnormal changes that put data at risk – such as Outlook autocomplete suggesting the wrong recipient and a tired employee adding them to an email.”

“This problem is only going to get worse with increased remote working and higher email volumes creating prime conditions for outbound email data breaches of a type that traditional DLP tools simply cannot handle. Instead, organisations need intelligent technologies, like machine learning, to create a contextual understanding of individual users that spots errors such as wrong recipients, incorrect file attachments or responses to phishing emails, and alerts the user before they make a mistake.”