The Egress Data Loss Prevention Report 2021 has revealed that 95% of IT leaders say that client and company data is at risk on email. In addition, an overwhelming 83% of organisations have suffered data breaches via this channel in the last 12 months. Human error was at the root of nearly one-quarter of incidents, with 24% caused by an employee sharing data in error – for example, sending an email containing sensitive data to the wrong recipient or attaching the wrong file.
The study, independently conducted by Arlington Research on behalf of Egress, interviewed 500 IT leaders and 3,000 remote-working employees in the UK and US across vertical sectors including financial services, healthcare and legal.
Key insights include:
· 95% of IT leaders believe that client and company data is at risk on email
· Data is most at risk on email, with 83% of organisations experiencing email data breaches
· Almost one-quarter (24%) of email data breach incidents were caused by an employee sharing data in error
· 42% of IT leaders say that half of all incidents won’t be detected by their static DLP tools
· 79% of IT leaders reported that they have deployed static email DLP solutions. However, that same amount reported experiencing difficulties resulting from their use
· 85% of employees are sending more emails due to remote working, heightening the risk of an email data breach
· 59% of IT leaders have reported an increase in email data leaks since implementing remote working as a result of the pandemic
· 73% of employees feel worse due to the pandemic, leading to increased likelihood of mistakes and security incidents
The hidden cost of remote working
Remote working has left employees highly reliant on digital communication, turning to a host of tools from video conferencing software to chat applications to carry out their duties remotely. Employees have also become even more reliant on email, particularly for sharing sensitive data. Since the beginning of the pandemic, 85% of employees reported sending more emails and 80% say they use email to communicate confidential information, increasing the surface area for risk when it comes to an outbound email data breach.
The research also found that 60% of employees are working in environments where distractions and interruptions are commonplace, such as a shared home offices and communal spaces. In addition to concerns around confidentiality, the distractions faced by employees in these settings leads to an environment of heightened risk of accidental data loss.
The risk is compounded by stress and tiredness – and the research revealed that 73% of employees reported that they feel worse because of the pandemic. The blurring of work and home life has led to many employees working longer hours, in distracting environments, with both factors exacerbating the risk of an employee-activated security incident. 73% of employees surveyed revealed that they access work emails outside of their contracted working hours, and almost one-quarter of employees (24%) reporting that they are normally doing something else at the same time.
It’s no surprise then that 59% of IT leaders acknowledged that they have seen an increase in data leakage via email since employees started working remotely due to the COVID-19 pandemic.
Organisations rely on legacy email DLP technology – and it’s failing them
To mitigate this risk, 79% of IT leaders state that they have deployed static email DLP solutions. However, that same amount reported experiencing difficulties resulting from their use. Furthermore, their effectiveness was found to be limited, with 42% of IT leader respondents saying that half of all incidents won’t be detected by the DLP tools they have in place.
Egress CEO Tony Pepper comments, “It’s clear to see that legacy DLP tools are no longer fit for purpose; they’re difficult to use and because they can’t take people’s behaviour into consideration, they’re limited in their ability to mitigate the rising tide of email data breaches in this new world of remote working. Many employees continue to work in challenging environments, and the lines between work and home life have been well and truly blurred. All of this contributes to the likelihood that a costly mistake might be made. Organisations must be aware of the new environment of risk that has been created by the working conditions brought about by the pandemic, and utilise advances in machine learning to give employees a safety net that can detect when they’re about to cause a data breach and prevent these incidents before they happen.”