Misaddressed emails were the #1 data security incident reported in 2017

Tim Sadler comments on the alarming statistic released by the Information Commissioner’s office stating that misaddressed emails were the number form of data loss in 2017. Tim Sadler is CEO & Co-Founder of Tessian, a next-generation email security platform using machine intelligence to analyze email networks and automatically prevent highly sensitive emails being sent to the wrong people with minimal end-user disruption.

by Tim Sadler, CEO & Co-Founder, Tessian

With emails forming the main artillery of communication in most organizations, it is perhaps not surprising that email data breaches were the main cause of critical data loss in financial, legal and professional firms in the UK in 2017.

Today’s rapidly evolving cybersecurity landscape is creating a sea change for how enterprises run their business. Impending changes to data protection legislation via GDPR law, coupled with daily news stories about cyber attacks in every form, have left many organizations scrambling to put a plan in place that will effectively shield their business against risk.

Common Perceptions of Cybersecurity

Often when people talk about cybersecurity, what they’re really referring to is external cyber threats like malicious hackers. The incidence of attacks on companies of all sizes and sectors from these sources has increased sharply in the last 12 months. In 2017, the number of ransomware attacks increased by 36% and an estimated 6.5% of people fell victim to identity fraud. This type of cyber risk is at the forefront of everyone’s mind and the top of every Board’s cybersecurity agenda.

We are currently living in an era where the trials, scandals, and downfall of companies that once might have remained behind closed doors have become media fodder. This is especially true of high profile cases of cyber attacks and security breaches on enterprises and governments. Attention-grabbing headlines about malicious attacks create a climate of fear, which actually distorts the reality and severity of some of the far less sensational challenges around cybersecurity.

For businesses and governments, this is problematic in assessing risk and accountability. It gives a false impression that in order to eliminate risk, they must build an impenetrable fortress around their enterprise that no attacker can enter. But this is not the case.

95% of all security incidents involved human error – IBM

A quick look at the data security incidents reported to the Information Commissioner’s Office last year tells a different story about the risk to the one we hear in the media.

In 2017, the number one digital data security incident reported to the ICO was not credential phishing, ransomware scams or anonymous hackers. It was data loss due to misaddressed emails. To be specific, the ICO details the most reported digital data security incident as:

“Data sent by email to the incorrect recipient or failure to use bcc when sending an email.”

So despite how high businesses build those walls to insulate themselves from external attacks, the more prevalent problem is accidentally leaking sensitive information through an open window.

Human error is an enterprise-level threat that businesses and governments must address and be held accountable for. According to research by IBM, 95% of all security incidents involved human error. Unfortunately, human beings are capable of wreaking complete havoc on enterprises without malicious intent. Luckily, there is only a minority of people who are in charge of dealing with missiles as part of their daily job. But for everyday businesses, sensitive data loss via misaddressed emails is the most common cyber risk. In the pantheon of cyber risks, misaddressed emails may not be as newsworthy or as scandalous of a threat as malicious hackers, but it is a serious, ubiquitous risk.

The Impact of Human Error on Businesses and Governments

Emailing is such a familiar part of our daily lives that we don’t consider it to be as harmful as it can be. It is the main artery of communication for enterprises and governments, used to share the most highly classified and the most trivial of information.

Given the huge volumes of sensitive data traded every day by governments and businesses such as law firms, hedge funds, banks, and medical clinics, the consequences of just one of these emails ending up in the wrong hands are extremely damaging.

In the case of the legal industry, there was a 173% increase in the number of legal sector information security incidents reported to the ICO in Q1 of 2017 alone. If a law firm were to accidentally leak confidential project information to the wrong client or third party, to a member of the press or to a personal email account that was later hacked, that law firm could face the loss of that client and potentially others whose faith in the firm was ruined, loss of income and serious reputational damage if the incident was reported in the media.

Not to mention the serious financial penalties of personal data breaches. As of May 2018, when new GDPR legislation is enforced, organizations can be fined up to 4% of their global annual turnover for data breaches. In forcing businesses and governments to take accountability for the data they must protect, GDPR law also states that any personal data breach must be reported no later than 72 hours after becoming aware of it.

Not acknowledging personal data breaches – or failing to prevent them from happening – will no longer be an option for businesses and governments. Organizations must have a clear-cut way of monitoring and preventing sensitive data loss, especially via misaddressed emails, in order to demonstrate accountability.

Tessian is an award-winning email security platform that helps enterprises counteract human error and prevent misaddressed emails. Using advanced machine intelligent technology, Tessian analyses email networks and automatically prevents highly sensitive emails being sent to the wrong people. Some of the world’s leading organizations across the legal, financial, professional services and technology sectors rely on Tessian as a critical component of their cybersecurity framework.

Despite the notions we have of cyber risk, it is the threat of human error that must become a bigger part of the cybersecurity agenda. It is impossible to remove the presence of human error from an organization entirely, but businesses and governments must mitigate and take accountability for this risk by identifying internal risk and using smart cybersecurity software to counteract it. UK companies are realizing the importance of investing in cybersecurity technology not just to prevent, but also to detect and report, any emails that could have been sent to the wrong person. Given the current climate and impending changes to UK data law, having control and peace of mind that confidential client data will remain confidential is a critical priority for all businesses in 2018.

Tessian, formerly CheckRecipient, is a next-generation email security platform that helps enterprises counteract human error and significantly reduce the risk of data loss. Tessian uses machine intelligence to analyze email networks and automatically prevent highly sensitive emails being sent to the wrong people with minimal end-user disruption. Some of the world’s leading organizations across the legal, financial, professional services and technology sectors rely on Tessian as a critical component of their cybersecurity framework.

The rebrand comes after a year of triple-digit growth for the company which also saw the team expand from 7 to 45. 2017 kicked off with Tessian CEO, Tim Sadler, being named on the Forbes 30 Under 30 list in Technology and over the course of the year the company picked up other high profile awards such as Best Innovation in Data Protection and Privacy (CogX), Best Security Startup (Info Security Products Guide) and the UK’s Most Innovative Security Startup (Dept of Culture Media and Sport). Tessian is backed by the world’s best venture capital firms and raised a $2.7 million funding round led jointly by Accel and LocalGlobe. Others participating include Winton Ventures, Amadeus Capital Partners and Crane.

To find out more, visit www.tessian.com.

About the Author

Tim Sadler is the CEO & Co-Founder of Tessian. Tim is the CEO and co-founder of Tessian, a next-generation email security platform which uses machine learning to predict when emails are being sent to the wrong people. Some of the world’s largest organizations across the financial and legal sectors are using Tessian and in the past 6 months, the company has been crowned “Best Security Startup” by WIRED, “Best Machine Intelligence Startup” by Legal Geek and “Best Startup – Gold Category” by Info Security Products Guide. Tim holds three Masters degrees in design, engineering, and innovation from Imperial College and formerly worked in HSBC’s Global Banking division — Tim was also listed as one of Forbes “30 Under 30” in European Technology for 2017. Tim Sadler can be reached online at: https://www.linkedin.com/company/tessian and https://twitter.com/tessian
and at our company website: http://www.tessian.com/

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase