Email remains the backbone of business communication. In fact, our latest research found that 93% of employees consider it “important” or “very important” to their daily work. However, as reliance on email grows, so do the risks. Compliance demands are mounting, driven by regulations like NIS2, DORA, and updates to GDPR, all of which require stricter email security controls. Despite these pressures, 67% of IT leaders admit that email security often takes a back seat, and only 34% of outbound email incidents are formally reported.
The result? A critical gap in email security that demands urgent attention. Organizations face increasing threats from both external attackers and internal errors, which can lead to significant compliance violations and reputational damage. That is why we are sharing three practical tips from our latest report to help businesses navigate these challenges head-on and build a safer email environment.
1. Expand your focus: Embrace a holistic email security strategy
Most security strategies emphasize inbound threats like phishing and malware—and for good reason, as 47% of IT leaders cite these as top concerns. Yet outbound risks, including misaddressed emails, wrong attachments, and CC/BCC errors, are responsible for over two-thirds of data loss incidents. In fact, 66% of IT leaders acknowledge that outbound mistakes often cause more damage than inbound attacks.
To mitigate these risks, organizations need a unified approach to email security. This means combining robust inbound protections, such as AI-driven phishing detection, with tools that proactively prevent outbound errors. Real-time safeguards can alert employees to potential mistakes before they happen, minimizing human error without disrupting workflows. A comprehensive strategy ensures your organization is not just defending against external threats, but also managing the risks posed by everyday communication.
2. Align your investments with the real threat landscape
Only 24% of IT leaders feel their security investments are very well aligned with actual risks, and 67% believe vendors are not innovating quickly enough to meet evolving challenges. At the same time, regulations like DORA and NIS2 are pushing for secure email practices as part of broader risk management frameworks.
Organizations must reassess their spending priorities to cover the full spectrum of email security. Outbound data leak prevention, for instance, remains underfunded—despite its critical role in safeguarding sensitive information, only 39% of IT leaders prioritize it. Conducting regular security audits can highlight these gaps, guiding smarter investments that balance inbound and outbound defenses.
By prioritizing comprehensive email security measures, businesses can better protect themselves from costly breaches and ensure compliance with ever-evolving regulations.
3. Transform security training: Make it relevant and engaging
While 64% of employees report receiving email security training, many find it ineffective. Over a third of employees in large organizations express dissatisfaction with generic training modules, and frustration is highest among those prone to email mistakes. The solution? Training that is engaging, contextual, and tailored to real-world scenarios.
Interactive, scenario-based learning resonates more with employees than traditional approaches. For example, simulations of phishing attempts or exercises on avoiding attachment errors can help employees internalize secure practices. Role-specific training adds another layer of relevance, addressing the unique challenges faced by different teams. Pair this with immediate, in-context feedback during daily tasks, and you have got a recipe for lasting behavior change. Empowering employees with the right tools and training builds a culture of security, reducing errors and enhancing confidence in their communication practices.
By adopting these strategies, organizations can bridge the gap between email security and risk management, ensuring compliance, minimizing data breaches, and enabling employees to work securely and effectively.
To dive deeper into our findings, download the full report here.
Rick Goud
CIO & Founder
Published: 9th January 2025
