- Report finds 98% of security leaders view misdirected emails as a major data security risk
- Misdirected emails caused $1.2bn in fines and 27% of GDPR incidents last year
- 97% believe behavioral AI can reduce human error and improve outbound email security
Cybercriminals and disgruntled employees are not the only thing businesses need to worry about when it comes to data security, as new research claims sending emails containing sensitive information to the wrong address by mistake is also becoming a major problem.
A report from Abnormal AI claims 98% of security leaders see misdirected emails (as emails sent to the wrong address are apparently called) as a “significant risk” compared to malware threats or insiders.
Furthermore, 96% of organizations surveyed said they experienced both data loss and exposure from misdirected emails in the past year alone, while 95% reported “measurable business impact” in remediation costs, compliance violations, and eroded customer trust.
Measurable impact
That “measurable impact” translates to roughly $1.2 billion in fines worldwide, the report further states. Misdirected emails accounted for more than a quarter (27%) of all data protection incidents under GDPR last year, resulting in these tear-jerking fines.
“Enterprises have invested heavily in stopping inbound threats like phishing, but outbound email remains a major vector for human error—one that has historically been overlooked,” commented Mike Britton, CIO at Abnormal AI.
Just as with any other cybersecurity risk, this one should be mitigated with advanced tools as well. That, however, doesn’t seem to be the case, since nearly half (47%) of security and IT professionals usually learn of misdirected emails from the recipients, rather than from alerts in their tech stack.
To actually address the issue, 97% believe behavioral AI can help, since the average enterprise spends more than 400 hours a year managing false positives from data loss prevention and email security tools.
“This is a visibility problem as much as it is a technology one,” Britton added. “Traditional tools can’t differentiate a legitimate customer email from a sensitive message going to the wrong recipient. Protecting data today requires more than defending against external threats—it means understanding and supporting human behavior. Organizations that integrate AI-driven insights with user-centric safeguards are better positioned to prevent mistakes from turning into breaches.”
