The latest Data Breach Incident Report from the Information Commissioner’s Office (ICO) revealed that misdirected emails were the number one cause of data breach incidents during Q4 2019, accounting for 20% more reported incidents than phishing attacks.
In response to these findings, we commissioned a straw poll with CitizenMe of 300 email users in the UK and 300 in the US to learn more about these email errors. Our poll found that almost two-thirds (64.5%) of respondents admitted to sending emails to the wrong recipients, with everything from confidential figures to court documents going astray. Here is what else this quick poll showed us:
Red-faced respondents say they don’t report email errors
Although 68% of UK respondents and 61% of US respondents admitted to sending work emails to the wrong recipient, anecdotal comments from those who did so showed that they hadn’t reported the incident to their line managers.
Anecdotal responses:
Mistake: I once sent confidential figures to a colleague in my team rather than the CEO as they both had the same first name. Outlook gave me her name as a suggestion rather than the CEO.
Did you report it: No, my colleague saw my mistake and quietly told me.
Mistake: I sent a document for a bankruptcy to the wrong client because I mixed up two small businesses. Both were chapter 7 bankruptcies filed around the same time and they both began with the letter A. I accidentally sent a document that came in from court to the wrong client because I confused the two, as previously mentioned.
Did you report it: No, I did not. We are a small business and I apologised to the client it was sent to and advised to disregard. Then I sent the document to the correct person.
Mistake: I emailed an Excel sheet about future investment opportunities to the wrong person.
Did you report it: No, just apologised and sent it to the right receiver.
Elevated risk environment:
The ICO report and the results of our quick poll show that this is really just the tip of the iceberg. Most email data breaches go unreported, so it’s difficult for CISOs and their security teams to fully grasp and tackle this problem. What’s more, with 60% of the UK’s workforce now working remotely, we’ve seen a 23% increase in email usage due to the pandemic. Imagine what the true cost of misdirected emails would be if all were reported as data breaches.
In this elevated risk environment, where misdirected emails can have devastating repercussions if personal or corporate data is exposed, it is paramount that organisations provide staff with technology that stops outbound emails going to unintended recipients.
COVID-19: a catalyst for Digital Transformation
Post COVID-19, it remains to be seen what the new normal will look like, but all indications point to increased remote and flexible working across the board. Organisations will then have the opportunity to redirect finances previously allocated to expensive real estate to other purposes. With remote working seemingly here to stay and email remaining the most common business communication tool, intelligent email security that prevents breaches and protects data must become a central part of organisations’ digital transformation stories.