The Misdirected Email Problem
Every year, thousands of data breaches are caused by employees sending emails to the wrong person. These are the numbers behind the problem — sourced from independent research.
UK ICO Incident Trends 2024
Data security incident trends reported to the UK Information Commissioner’s Office in Q1 2024.
Of all data security incidents were emails sent to the wrong recipient — the single most common incident type
Misdirected email is the leading cause of accidental data loss, consistently ranking first across all 2024 quarters
Total data security incidents reported to the ICO in Q1 2024 — a 21% increase from Q1 2023
Of reported incidents were non-cyber (human error), not malicious attacks
Percentage varies by quarter — Q4 2024 shows 21%.
UK ICO — Data Security Incident Trends (2024) · Osterman Research — ICO 2024 Update
Data Loss Prevention on Email
Findings from the Ponemon Institute’s 2022 study of 614 IT and IT security practitioners on email data loss.
Of data loss incidents caused by employee negligence — not following security policies
Average time to detect and remediate an incident caused by a negligent employee
Of IT security practitioners say email is the riskiest channel for data loss
Say current DLP solutions fail to effectively prevent misdirected email data loss
Organizations experienced accidental data loss over email in the past year
Average time to deploy and find value from traditional DLP solutions
Outbound Email Risk
IT decision-makers recognize outbound email as a critical and under-addressed risk vector.
Of IT leaders admit outbound mistakes cause more data loss than inbound attacks
Outbound email incidents per month at the average organization
Less than 2 in 5 IT leaders prioritize outbound email security
Of employees use workarounds to bypass security policies
The Human Factor
Employees are the front line of email security — and the most common source of mistakes.
Of employees say they are more likely to make email mistakes when busy or overwhelmed
Of employees don’t fully understand their organization’s email security policies
Of IT leaders cite inbound threats like phishing as their primary concern — overlooking outbound risk
Of outbound email incidents are formally reported — most go undetected
Of employees have sent wrong attachments in work emails
Of employees have sent emails to the wrong recipient
FAQ
Frequently asked questions
Common questions about the misdirected email problem — answered with verified research.
How common are misdirected emails?
Misdirected email is the #1 reported data security incident type. In Q1 2024, 18% of all 2,970 incidents reported to the UK ICO were emails sent to the wrong recipient — a 21% increase from Q1 2023.
Are misdirected emails really a security issue?
73% of data security incidents reported to the ICO are non-cyber — caused by human error, not hackers. Misdirected emails consistently rank as the single most common incident type, ahead of phishing and ransomware.
Why can't we just train employees better?
73% of employees are aware of security policies, but only 52% actually adhere to them. 54% say they make more email mistakes when busy or overwhelmed, and 38% don't fully understand their organization's email security policies.
Do most misdirected email incidents get caught?
No. Only 34% of outbound email incidents are formally reported — the majority go undetected. 33% of employees have sent wrong attachments and 32% have sent emails to the wrong recipient without reporting it.
Why not use existing DLP solutions?
Traditional DLP takes an average of 18 months to deploy and find value. Only 41% of IT security practitioners say current DLP solutions effectively prevent misdirected email data loss.
Isn't email security mostly about inbound threats?
66% of IT leaders admit that outbound mistakes cause more data loss than inbound attacks. Yet 47% still cite inbound threats like phishing as their primary concern — leaving outbound risk under-addressed.
Is the problem getting worse?
Yes. The ICO reported a 21% increase in data security incidents from Q1 2023 to Q1 2024, and misdirected email rose from 18% to 21% of all incidents between Q1 and Q4 2024. In the Netherlands, 85% of data breaches in 2024 were caused by human email errors.
How many employees bypass security policies?
60% of employees report using workarounds to bypass security policies. Among frequent mistake-makers, policy confusion climbs to 52%. Even though 73% of employees are aware of policies, only 52% actually adhere to them.
Ready to prevent accidental email data leaks?
Start securing your emails in minutes. Try it free.