Data is the lifeblood of a successful business, and email systems are the veins through which it travels. But new Forrester Consulting research commissioned by Tessian shows legacy solutions aren’t enough to protect this vital business organ…
Key insights from the study include:
- Nearly 40% of organizations report 10+ employee-related email security incidents per month
- 61% of our survey respondents think an employee will cause their next data breach
- Over 75% of firms report that 20% or more of email security incidents get past their existing security controls
- One-third say they lack visibility into threats and risky behaviors
- Organizations spend up to 600 hours per month resolving employee-related email security incidents
- 42% of security and risk leaders are looking to improve their email security postures
To err is human…
While security and risk leaders have a lot to worry about, human error tops the list.
That’s because, on average, organizations experience between one and fifty employee-related email security incidents per month, depending on the company size. Nearly 40% report 10+ incidents a month.
Accidental data loss and business email compromise are most common, with nearly half of respondents saying they’ve experienced an incident in the past 12 months.
It’s no wonder 61% of our survey respondents think an employee will cause their next data breach.
So, how are they trying to solve the problem?
Trying to solve the “people problem”
One thing is for sure: security leaders are trying to bolster their defenses, and they know email is every bit as crucial an environment to protect as networks and databases. The problem is, built-in security controls and legacy technology alone aren’t enough to prevent human error. In fact, these solutions are actually creating more work for thinly stretched security teams.
Over a third of firms say they’re wasting precious time, money, and effort combating email security challenges.
How much time? According to Forrester’s research, organizations spend up to 600 hours per month resolving employee-related email security incidents.
Alas, despite so much time and effort, over 75% of firms report that 20% or more of email security incidents get past their existing security controls. And despite phishing simulations and ongoing security awareness training, roughly one-quarter report that 21% or more of employees have failed a phishing test in the past year.
Accidental data loss is a big problem, too, with 24% saying they simply don’t have controls in place to prevent misdirected emails.
That’s a lot of risk, but it could be just the tip of the iceberg… One-third say they lack visibility into threats and risky behaviors, proving traditional security solutions have inherent limitations when it comes to solving for risks posed by people.
In fact, according to Tessian’s State of Data Loss Prevention report, IT leaders working at organizations with 1,000+ people in the US estimate 480 emails are sent to the wrong person every year. In reality, Tessian found that an average of 800 emails are misdirected in organizations with 1,000 employees during a single year.
That’s a big difference…
Based on all of the above, it’s no wonder 42% of security and risk leaders are looking to improve their email security postures, and are specifically seeking solutions that allow them to gain visibility into risky human behaviors and build unique security identity and risk scores for each employee.
They then want to use this information to feed automated, ML-based threat detection systems to help them predict and protect against unknown threats.