Request a Demo of Tessian Today.

Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

Move beyond your SEG with Tessian’s SEG Consolidation Wizard  | Generate Report Now →

Forrester Consulting Study: Take Control of Email Security with Human Layer Security Protection

Forrester Logo

Data is the lifeblood of a successful business, and email systems are the veins through which it travels. But new Forrester Consulting research commissioned by Tessian shows legacy solutions aren’t enough to protect this vital business organ… 

Human Layer Security is the answer.


To Err is Human

While security and risk leaders have a lot to worry about, human error tops the list. 


That’s because, on average, organizations experience between one and fifty employee-related email security incidents per month, depending on the company size. Nearly 40% report 10+ incidents a month.

Accidental data loss and business email compromise are most common, with nearly half of respondents saying they’ve experienced an incident in the past 12 months.

It’s no wonder 61% of our survey respondents think an employee will cause their next data breach. 

And the disappearing perimeter hasn’t helped…

63% of security and risk leaders believe hybrid work environments will make human-activated threats more prevalent. 

Trying…But Failing

Of course, it’s not as if security leaders aren’t trying to bolster their defenses, and they know email is every bit as crucial an environment to protect as network and databases.


The problem is, built-in security controls and legacy technology alone aren’t enough to prevent human error. 

Three in four firms report that 20% or more email security and data loss incidents get past their existing security controls and, despite phishing simulations and ongoing security awareness training, roughly one-quarter report that nearly 25% of employees have failed a phishing test in the past year. 

Accidental data loss is a big problem, too with 1 in 4 saying they simply don’t have controls in place to prevent misdirected emails.

That’s a lot of risk, but it could be just the tip of the iceberg…

One-third say they lack visibility into threats and risky behaviors, proving traditional security solutions have inherent limitations when it comes to solving for risks posed by people.

A Lot to Lose

While security and risk leaders may lack visibility into the full scope of the problem, they have a clear understanding of the short- and long-term consequences of data loss incidents and breaches.

Over half have seen an impact on revenue, employee trust, and customer trust in addition to lost data.

Doing Nothing Isn’t An Option

While cybersecurity certainly can be a business enabler, investigating and remediating incidents can drain an organization’s resources and contribute to staff burnout. 


Over a third of firms say they’re wasting a precious amount of time, money, and effort combating email security challenges. 

How much time? According to Forrester’s research, organizations spend up to 600 hours per month resolving employee-related email security incidents.

With these lost hours combined by lost revenue and trust, it’s no wonder nearly half of security and risk leaders are looking to improve their email security postures, and are specifically seeking solutions that allow them to gain visibility into risky human behaviors and build unique security identity and risk scores for each employee. 

They then want to use this information to feed automated, ML-based threat detection systems to help them predict and protect against unknown threats.

Control the Uncontrollable with Human Layer Security

This more “human” approach – called Human Layer Security – has been proven to work. 


Forrester found that the security and risk leaders who have adopted this approach feel more prepared to face security and data loss incidents and to face a hybrid workforce than those who haven’t. 

They believe their email security posture is extremely effective at alerting the organization to potential attacks/threats from users’ risky behaviors or poor security decisions. Meanwhile, those who don’t take a Human Layer approach feel less control over business disruptions.

The key? Human Layer Security focuses on in-the-moment training and preventative (vs. reactive) technology. 

Human Layer Security Technology leverages Machine Learning and Artificial Intelligence (ML/AI) capabilities, an organizations’ own email data, and uses behavioral intelligence to help mitigate human-centric security vulnerabilities so organizations are better able to stop data breaches before they happen.

Human Layer Security Pays Off

The bottom line: there’s a significant upside to an enhanced security posture. 


Email security improvements will not only help firms avoid costly human activated security threats, but security and risk leaders expect they will increase customer trust, increase revenue, improve employee experience, while gaining a better understanding of enterprise risk across team silos.

In fact, the study concludes that Human Layer Security is necessary to achieve the full value of and maximum protection of existing security tech stacks in a way that empowers employees. 

Want to learn more about Forrester’s findings? Download the full study below, or request a demo to see Tessian’s Human Layer Security platform in action.



Request a Demo →