Company news

95% of IT leaders say that client and company data is at risk on email, research by Egress reveals

New research also reveals that 59% of IT leaders have reported increased data loss via email due to remote working

London, UK - 23rd February 2021– The Egress Data Loss Prevention Report 2021 has revealed that 95% of IT leaders say that client and company data is at risk on email. In addition, an overwhelming 83% of organisations have suffered data breaches via this channel in the last 12 months. Human error was at the root of nearly one-quarter of incidents, with 24% caused by an employee sharing data in error – for example, sending an email containing sensitive data to the wrong recipient or attaching the wrong file.

The study, independently conducted by Arlington Research on behalf of Egress, interviewed 500 IT leaders and 3,000 remote-working employees in the UK and US across vertical sectors including financial services, healthcare and legal.

Key insights include:

  • 95% of IT leaders believe that client and company data is at risk on email
  • Data is most at risk on email, with 83% of organisations experiencing email data breaches
  • Almost one-quarter (24%) of email data breach incidents were caused by an employee sharing data in error
  • 42% of IT leaders say that half of all incidents won’t be detected by their static DLP tools
  • 79% of IT leaders reported that they have deployed static email DLP solutions. However, that same amount reported experiencing difficulties resulting from their use
  • 85% of employees are sending more emails due to remote working, heightening the risk of an email data breach
  • 59% of IT leaders have reported an increase in email data leaks since implementing remote working as a result of the pandemic
  • 73% of employees feel worse due to the pandemic, leading to increased likelihood of mistakes and security incidents

The hidden cost of remote working

Remote working has left employees highly reliant on digital communication, turning to a host of tools from video conferencing software to chat applications to carry out their duties remotely. Employees have also become even more reliant on email, particularly for sharing sensitive data. Since the beginning of the pandemic, 85% of employees reported sending more emails and 80% say they use email to communicate confidential information, increasing the surface area for risk when it comes to an outbound email data breach.

The research also found that 60% of employees are working in environments where distractions and interruptions are commonplace, such as a shared home offices and communal spaces. In addition to concerns around confidentiality, the distractions faced by employees in these settings leads to an environment of heightened risk of accidental data loss.

The risk is compounded by stress and tiredness – and the research revealed that 73% of employees reported that they feel worse because of the pandemic. The blurring of work and home life has led to many employees working longer hours, in distracting environments, with both factors exacerbating the risk of an employee-activated security incident. 73% of employees surveyed revealed that they access work emails outside of their contracted working hours, and almost one-quarter of employees (24%) reporting that they are normally doing something else at the same time.

It’s no surprise then that 59% of IT leaders acknowledged that they have seen an increase in data leakage via email since employees started working remotely due to the COVID-19 pandemic.

Organisations rely on legacy email DLP technology – and it’s failing them

To mitigate this risk, 79% of IT leaders state that they have deployed static email DLP solutions. However, that same amount reported experiencing difficulties resulting from their use. Furthermore, their effectiveness was found to be limited, with 42% of IT leader respondents saying  that half of all incidents won’t be detected by the DLP tools they have in place.

Egress CEO Tony Pepper comments, “It’s clear to see that legacy DLP tools are no longer fit for purpose; they’re difficult to use and because they can’t take people’s behaviour into consideration, they’re limited in their ability to mitigate the rising tide of email data breaches in this new world of remote working. Many employees continue to work in challenging environments, and the lines between work and home life have been well and truly blurred. All of this contributes to the likelihood that a costly mistake might be made. Organisations must be aware of the new environment of risk that has been created by the working conditions brought about by the pandemic, and utilise advances in machine learning to give employees a safety net that can detect when they’re about to cause a data breach and prevent these incidents before they happen.”


Egress’ 2021 Data Loss Prevention Report was conducted by independent organization Arlington Research among 500 IT leaders and 3000 remote-working employees in the financial services, legal and healthcare sectors within the UK and the US.

About Egress

As advanced persistent threats continue to evolve, we recognize that people are the biggest risk to organizations’ security and are most vulnerable when using email.

Egress is the only cloud email security platform to continuously assess human risk and dynamically adapt policy controls, preparing customers to defend against advanced phishing attacks and outbound data breaches before they happen. Leveraging contextual machine learning and neural networks, with seamless integration using cloud-native API architecture, Egress provides enhanced email protection, deep visibility into human risk, and instant time to value.

Trusted by the world’s biggest brands, Egress has offices in London, Sheffield, Cheltenham, New York, Boston, and Toronto. In April 2024 KnowBe4, the provider of the largest security awareness training and simulated phishing platform, entered into a definitive agreement to acquire Egress.