IT Brief US - Technology news for CIOs & IT decision-makers

Email remains top vulnerability for sensitive data, report finds

Today

Kiteworks has published findings from its 2025 Data Security and Compliance Risk Report, examining the persistent vulnerabilities associated with email as a channel for sensitive communications.

The report, based on insights from 461 cybersecurity professionals operating across 11 industries and four global regions, indicates that email continues to be the most exposed method for the transmission of sensitive information, surpassing alternatives such as SFTP by 16% in terms of risk.

Email exposure

Despite advances in security technology, the report notes that 90% of sensitive business communications still occur via email, leaving many organisations susceptible to threats stemming from both system architecture and human error. The survey found that the outdated structure of email creates vulnerabilities that are not completely mitigated by additional security features currently in use.

According to the research, the risk profile for email is not uniform across industries and regions. Defence and Security organisations were found to be over 50% more likely to experience email-related breaches than those in the Life Sciences sector. Organisations in the Asia-Pacific region were identified as nearly 30% more exposed than their counterparts in Europe.

Geographic and industry differences

The study underscores how industry and geographic factors contribute to organisations' vulnerability to data breaches. The findings suggest that evaluating risk based solely on industry averages may lead to a false sense of security, leaving certain subgroups with significantly higher exposure overlooked.

The report found that organisations in the APAC region face a markedly higher risk, with exposure nearly 30% greater than that of the organisations surveyed in Europe. Similarly, Defence and Security organisations report a more than 50% higher likelihood of facing an email breach compared to those in Life Sciences.

The role of human error

Human error remains a central driver of breaches, as 60% of incidents are attributed to mistakes by employees. Organisations that implement proactive strategies to reduce these mistakes - such as blocking misaddressed emails and providing sensitive data alerts - reported 41% fewer incidents than those relying mainly on inbound threat blocking.

"Email's architecture was never built for secure data transmission, and our research shows that risk persists despite decades of incremental fixes," said Tim Freestone, CMO of Kiteworks. "Attackers exploit industry- and region-specific weaknesses. Organisations that benchmark against averages instead of their true exposure are flying blind."

Freestone's comments point to the importance of understanding the specific risk landscape faced by different types of organisations, rather than relying on general industry standards for cybersecurity strategy and investment.

Practices that reduce risk

The report highlights three main practices common among organisations that have successfully managed to reduce their email risk: proactive prevention of human errors, the adoption of zero-knowledge encryption - which ensures that sensitive content remains inaccessible even to administrators - and seamless integration of security protocols to achieve adoption rates above 95%, in contrast to less than 30% when additional user action is required.

The survey's analysis also finds that outsourcing employee education alone is insufficient; successful organisations are those which automate prevention steps and make secure communication channels the default with minimal barriers for users.

Ongoing risks

The research indicates that many organisations underestimate their email risk by benchmarking against average figures, potentially obscuring the reality for high-risk groups within their own operations. The study calls for more granular assessment of exposure by considering the unique characteristics of an organisation's industry and geographic presence.

The report suggests that as long as email remains a principal channel for sensitive data exchange, it will represent a significant vector for attacks - one shaped by specific sector and regional vulnerabilities, as well as by company policies and culture around data security.

Organisations are encouraged to reassess their current exposure to email-related data breaches and to prioritise investment in targeted strategies designed to address both structural and human-factor vulnerabilities. The findings reveal that only by tailoring approaches to the organisation's true risk profile can email security be effectively managed.
