Human error is one of the biggest enterprise email risks
It’s known as an ‘ohno-second’ that moment in time when you realize you’ve clicked send on something you shouldn’t have. But it’s no laughing matter, a new survey of more than 300 security and IT professionals from Abnormal AI highlights the growing threat and business impact of legitimate email messages sent to the wrong recipient.
These misdirected emails can result in data breaches, regulatory violations, remediation costs, and reputational damage. The research shows 98 percent percent of security leaders consider misdirected email as a significant risk when compared to other data loss risks like malware and insider threats.
Are we human or are we security risk?
Not quite how The Killers put it, but a new report shows Human workers remain the most consistent point of attack for cybercriminals, with shadow IT and AI-driven social engineering providing attackers with both new tools and new targets.
The 2025 Global Threat Intelligence Report from Mimecast reveals key trends, including the rise of smarter, AI-powered phishing and social engineering cyberattacks, and threat groups increasingly using trusted services to evade detection and reach targets. Mimecast’s analysis finds that phishing accounts for 77 percent of all attacks up from 60 percent in 2024 with attackers likely leveraging more AI tools.
How can organizations mitigate the security risks caused by human error?
There’s a great quote which goes along the lines of “To err is human, but to really foul things up requires a computer”. When applied to cyber security this can fit very well, as human error is a major contributing factor towards data breaches. People are inherently prone to making mistakes, and when working with complex technology the risks are massively amplified. It’s hardly surprising, therefore, that almost three-quarters (74 percent) of CISOs view human error as the most significant cyber security vulnerability, according to a recent study.
Examining the issues relating to cloud security more specifically reveals a wide variety of people-problems. From technology misconfiguration and phishing to multi-factor authentication (MFA) errors, social engineering, and alert fatigue, exploiting our shared propensity for making mistakes has become a focal point for threat actors.