
It’s known as an ‘ohno-second’: that moment in time when you realize you’ve clicked send on something you shouldn’t have. But it’s no laughing matter. A new survey from Abnormal AI of more than 300 security and IT professionals highlights the growing threat and business impact of legitimate email messages sent to the wrong recipient.
These misdirected emails can result in data breaches, regulatory violations, remediation costs, and reputational damage. The research shows 98 percent of security leaders consider misdirected email a significant risk when compared to other data loss risks like malware and insider threats.
And those fears are being realized, with 96 percent of organizations surveyed experiencing data loss or exposure from misdirected email in the past year, and 95 percent reporting measurable business impact such as remediation costs, compliance violations, or damage to customer trust.
“This report offers a sobering realization,” says Mike Britton, CIO at Abnormal AI. “The same inboxes attackers target are also the source of accidental data loss within organizations. Enterprises have invested heavily in stopping inbound threats like phishing, but outbound email remains a major vector for human error — one that has historically been overlooked.”
Among other findings, 47 percent of security and IT professionals learn of misdirected emails from recipients rather than from security tools. Misdirected emails account for 27 percent of all data protection incidents under the GDPR last year, contributing to over $1.2 billion in fines worldwide.
In addition, 97 percent of respondents believe behavioral AI can help prevent accidental data loss before it occurs. The average enterprise spends over 400 hours per year managing false positive alerts from data loss prevention (DLP) or email security tools.
“This is a visibility problem as much as it is a technology one,” Britton adds. “Traditional tools can’t differentiate a legitimate customer email from a sensitive message going to the wrong recipient. Protecting data today requires more than defending against external threats — it means understanding and supporting human behavior. Organizations that integrate AI-driven insights with user-centric safeguards are better positioned to prevent mistakes from turning into breaches.”
The full report is available from the Abnormal AI site.

