Every year, thousands of data breaches are caused by employees sending emails to the wrong person. These are the numbers behind the problem — sourced from independent research.
Data security incident trends reported to the UK Information Commissioner’s Office in Q1 2024.
Of all data security incidents were emails sent to the wrong recipient — the single most common incident type
Misdirected email is the leading cause of accidental data loss, consistently ranking first across all 2024 quarters
Total data security incidents reported to the ICO in Q1 2024 — a 21% increase from Q1 2023
Of reported incidents were non-cyber (human error), not malicious attacks
Percentage varies by quarter — Q4 2024 shows 21%.
UK ICO — Data Security Incident Trends (2024) · Osterman Research — ICO 2024 Update
Findings from the Ponemon Institute’s 2022 study of 614 IT and IT security practitioners on email data loss.
Of data loss incidents caused by employee negligence — not following security policies
Average time to detect and remediate an incident caused by a negligent employee
Of IT security practitioners say email is the riskiest channel for data loss
Say current DLP solutions fail to effectively prevent misdirected email data loss
Organizations experienced accidental data loss over email in the past year
Average time to deploy and find value from traditional DLP solutions
IT decision-makers recognize outbound email as a critical and under-addressed risk vector.
Of IT leaders admit outbound mistakes cause more data loss than inbound attacks
Outbound email incidents per month at the average organization
Less than 2 in 5 IT leaders prioritize outbound email security
Of employees use workarounds to bypass security policies
Employees are the front line of email security — and the most common source of mistakes.
Of employees say they are more likely to make email mistakes when busy or overwhelmed
Of employees don’t fully understand their organization’s email security policies
Of IT leaders cite inbound threats like phishing as their primary concern — overlooking outbound risk
Of outbound email incidents are formally reported — most go undetected
Of employees have sent wrong attachments in work emails
Of employees have sent emails to the wrong recipient
FAQ
Common questions about the misdirected email problem — answered with verified research.
Misdirected email is the #1 reported data security incident type. In Q1 2024, 18% of all 2,970 incidents reported to the UK ICO were emails sent to the wrong recipient — a 21% increase from Q1 2023.
73% of data security incidents reported to the ICO are non-cyber — caused by human error, not hackers. Misdirected emails consistently rank as the single most common incident type, ahead of phishing and ransomware.
73% of employees are aware of security policies, but only 52% actually adhere to them. 54% say they make more email mistakes when busy or overwhelmed, and 38% don't fully understand their organization's email security policies.
No. Only 34% of outbound email incidents are formally reported — the majority go undetected. 33% of employees have sent wrong attachments and 32% have sent emails to the wrong recipient without reporting it.
Traditional DLP takes an average of 18 months to deploy and find value. Only 41% of IT security practitioners say current DLP solutions effectively prevent misdirected email data loss.
66% of IT leaders admit that outbound mistakes cause more data loss than inbound attacks. Yet 47% still cite inbound threats like phishing as their primary concern — leaving outbound risk under-addressed.
Yes. The ICO reported a 21% increase in data security incidents from Q1 2023 to Q1 2024, and misdirected email rose from 18% to 21% of all incidents between Q1 and Q4 2024. In the Netherlands, 85% of data breaches in 2024 were caused by human email errors.
60% of employees report using workarounds to bypass security policies. Among frequent mistake-makers, policy confusion climbs to 52%. Even though 73% of employees are aware of policies, only 52% actually adhere to them.
Start securing your emails in minutes. Try it free.