Three out of five organizations lose data due to email errors
Three out of five organizations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months, according to a new study.
Research from email security company Tessian and the Ponemon Institute shows 65 percent of over 600 IT security practitioners surveyed see email as the riskiest channel, followed by 62 percent for cloud file sharing and 57 percent for instant messaging.
The most common types of confidential and sensitive information lost or intentionally stolen include: customer information (61 percent); intellectual property (56 percent); and consumer information (47 percent). User-created data (sensitive email content, text files, M&A documents), regulated data (credit card data, Social Security numbers, national ID numbers, employee data), and intellectual property are seen as hardest to protect.
The top two consequences of data loss incidents are non-compliance with data protection regulations (57 percent) and damage to an organization’s reputation (52 percent).
"This study showcases the severity of data loss on email and the implications it has for modern enterprises," says Larry Ponemon, chairman and founder of the Ponemon Institute. "Our findings prove the lack of visibility organizations have into sensitive data, how risky employee behavior can be on email and why enterprises should view data loss prevention as a top business priority."
The majority of organizations surveyed (73 percent) are concerned that employees do not understand the sensitivity or confidentiality of data they share through email. In addition, marketing and public relations departments are most likely to put data at risk when using email (61 percent), closely followed by production/manufacturing (58 percent) and operations (57 percent).
Yet despite these risks, organizations don't have adequate training in place. While 61 percent have security awareness training, only about half of IT security leaders say their programs properly address the sensitivity and confidentiality of the data that employees can access on email.
Tessian's chief information security officer Josh Yavor says, "To create awareness and mitigate data loss incidents, organizations need to be proactive in delivering effective data loss prevention training while also gaining greater visibility into how employees handle company data. Security awareness training that directly addresses common types of data loss -- including what's okay to share with personal accounts and what's not okay to take with you when you leave a company -- and a culture that builds trust and confidence among employees will improve security behaviors and limit the amount of data that flows out of the organization."
You can read more and get the full report on the Tessian blog.