Why Tessian?
Platform

Intelligent Cloud Email Security

Our Platform

Tessian Cloud Email Security Platform
Preventing advanced threats and data loss on email

Email Defense

Tessian Defender
Automatically prevent inbound email attacks

Email Data Protection

Tessian Guardian
Automatically prevent accidental data loss from misdirected emails

Tessian Enforcer
Automatically prevent data exfiltration and insider threats

Tessian Architect
Intelligent policies for custom data protection
Solutions

Tessian Solutions

Our Solutions

Advanced Threat Protection
Detect and prevent advanced email threats like spear phishing, ransomware, ATO, and BEC.

Email Data Loss Prevention
Detect and prevent email data loss caused by employee mistakes and insider threats.

Email Protection for Microsoft
Enhance Microsoft 365 security capabilities for protection and defense in-depth.
Customers

Our Customers

Customers by Industry

Finance

Healthcare

Legal

Technology
Resources

Tessian Resources Hub

Resources by Type

Blog

Events

Webinars

Research

Podcast

Product Videos

Knowledge Hub

SEG Consolidation Wizard

Featured Resources

SEG Consolidation Wizard

On-Demand Webinar | Microsoft E3 and E5 + Tessian: Complete Email Protection

Forrester Consulting findings uncover a 268% ROI over three years with The Tessian Cloud Email Security Platform

Tessian Named Representative Vendor in the 2023 Gartner® Market Guide for Email Security

Earn CPE Credits
Blog

Tessian Blogs

Blog Posts by Category

Advanced Email Threats

Email DLP

Compliance

Threat Intel

Why DLP Has Failed and What the Future Looks Like

Data loss – whether accidental or intentional – is a big problem for organizations. Why? Because people control our data, and people break the rules and make mistakes.
We’re only human.

Download Now

Why DLP Has Failed and What the Future Looks Like

Email threats from external bad actors like spear phishing and business email compromise dominate headlines. But email threats from insiders are steadily rising.

In fact, there’s been a 47% increase in incidents over the last two years; this includes accidental data loss and deliberate data exfiltration by negligent or disgruntled employees or contractors.

And, with GDPR fines totaling nearly $200 million between January 26, 2020, and January 27, 2021, data privacy regulations are going to drive the cost of resolution even higher.

That’s one reason why data loss prevention (DLP) is one of the top spending priorities for IT leaders and why email is the threat vector most IT leaders are concerned about protecting.

The question is: Do security, compliance, and IT leaders have true visibility over how their employees are handling and mishandling data on email?

According to our research, not yet. But, after reading this report, they should have enough information to inform their view.

Ultimate Guide to Data Loss Prevention

Your data loss prevention (DLP) tools and strategy are critical to the safe running of your business. Read out ultimate guide to minimizing the risk of confidential or business-critical data leaving an organization.

IT leaders are over-reliant on security training.

While the DLP market is saturated with rule-based software, IT leaders actually count security awareness training and “following company policies and procedures” as the most effective ways to prevent data loss.

Perhaps that’s why over half (61%) of employee survey respondents have training every 6 months or more and highly regulated industries like Financial Services and Healthcare have it even more frequently.

Security awareness training confronts the crux of data loss by educating employees on best practice and company policies. But, how effective is training and can it influence and actually change human behavior for the long-term?

Learn More

The State of Data Loss Prevention in Financial Services 2021

New DLP research from Tessian explores DLP in financial services. Download now to learn how frequently data loss incidents happen, why, and how to stop them.

More training doesn’t equate to fewer security incidents.

The percentage of the employees surveyed who admit to sending misdirected emails (emails accidentally sent to the wrong person) is the highest in organizations that provide security awareness training the most frequently: 63% of employees who receive training every 1-3 months say they remember sending emails to the wrong person. This number drops to 43% in organizations that conduct training once a year or less often.

Likewise, employees who receive training once every 1-3 months were almost twice as likely to say they’ve sent company data to personal email accounts as employees who receive training just once a year. At Tessian we call these “unauthorized emails”.

Employees aren’t reporting their mistakes.

One of the reasons IT leaders don’t have true visibility over the flow of data within their organizations is because employees don’t always report their mistakes internally.

Whether it’s because they’re afraid to admit wrongdoing or simply because they don’t know the implications or their internal reporting processes, this means many security leaders underestimate how many misdirected emails are sent within their organization every year.

IT leaders working at organizations with 1,000+ people in the US estimate 480 emails are sent to the wrong person every year. On the other hand, according to Tessian data, an average of 800 emails are misdirected in organizations with 1,000 employees during a single year.

The most culpable? Young, digital natives.

Understandably, behaviors vary based on different demographics, but generational differences are the most stark.

For example, according to the survey respondents, 18-30-year-olds – who have grown up in an “always-on” culture – are 3x more likely to send misdirected emails than workers who are 51+. And, while 31-40 year olds are more careful on email, over half (57%) admit to firing off an email to the wrong person.

This is especially concerning because millennials (aged 22-38) represent the largest labor market share of any single generation.

Learn More

The State of Data Loss Prevention in Healthcare 2021

New DLP research from Tessian explores DLP in healthcare. Download now to learn how frequently data loss incidents happen, why, and how to stop them.

People break the rules more often than IT leaders think.

While sending company data to personal email accounts isn’t always malicious, it is often against security policies.

Of course, sending company data to a personal email account can also be a sign of intentional data exfiltration by, for example, a disgruntled employee on their way out or an insider threat.

This happens much more often than IT leaders think. While they estimate just 720 unauthorized emails are sent each year in organizations with 1,000+ employees, according to Tessian data, an average of 27,500 unauthorized emails are sent a year in an organization with 1,000 employees.

That’s 38x more than estimated.

"Communication between the IT department is more important now than ever. We have to maintain a sense of community, trust, and visibility, even with everyone siloed in their own homes."

Jay Leaf-Clark, Head of Information Technology at Dashlane

"I’m an optimist, so I genuinely believe that the average employee is trustworthy. I think if you give people the opportunity to make a good decision and make the easiest path to get their job done, the secure path, then they will take it."

Tim Fitzgerald, Chief Information Security Officer at Arm

"People understand phishing. It’s in the news, it’s mainstream. Data loss and the implications of human error aren’t. But, that doesn’t mean phishing is a bigger threat than these outbound threats. Not at all."

Shanit Gupta, Head of TechOps at Carbon

"When you implement a DLP solution, workarounds are almost inevitable. Oftentimes, you have to build them in for your employees with specific policies...I wish there was a better way."

Chris Freeman, Information Security Program Lead at EY

US employees are the least careful and compliant.

Based on the survey results, employees in the US break the rules more often than those in the UK. Not only are they twice as likely to send unauthorized emails, they’re also almost twice as likely to download, save, or otherwise exfiltrate work-related documents before leaving or after being dismissed from a job.

They also seem to make more mistakes. The likelihood of misdirecting an email doubles in the US, with 72% of US employees admitting to doing so compared to just 31% in the UK.

This suggests data privacy regulations like GDPR – which sparked a 44% increase in cybersecurity investment in the UK – could be influencing how people handle data. Will new standards like the CCPA effect similar positive changes in the US?

Remote-working brings new challenges.

As many organizations have been forced to adopt remote-working structures and policies – and as more are opting to keep these flexible structures – maintaining visibility over data flow is now more difficult. The new office is a virtual one, which means past strategies have become obsolete. In fact, they became obsolete the day companies switched to remote-working. It’s no wonder, then, 84% of IT leaders say DLP is more challenging when their workforce is working remotely.

Nonetheless, 91% of IT leaders say they trust their employees to follow security best practice while out of the office.

Learn More

The State of Data Loss Prevention in Legal 2021

New DLP research from Tessian explores DLP in legal. Download now to learn how frequently data loss incidents happen, why, and how to stop them.

Adjusting to the “new normal”.

When asked why they were less likely to follow safe data practices when working from home, employees cited not working on their usual devices (50%), not being closely monitored by IT teams (48%), and being distracted (47%) as the top three reasons.

It makes sense. When working remotely – especially from home – people have other responsibilities or distractions like childcare and roommates and, more often than not, they don’t have dedicated workstations like they do in their normal office environment. This isn’t trivial.

Risky Business.

Once again, there is a marked difference in responses based on age, region, and frequency of training. While just 19% of employees 51 and over feel they can get away with riskier behavior while working from home, 59% of employees aged 18-30 said the same. Likewise, US workers are almost twice as likely to agree they can get away with more while out of the office.

Without the watchful eye of IT staff, employees are inclined to seek out the easiest or most convenient path to getting their jobs done. And, when you consider over half (51%) of employees say security policies impede their productivity, the easiest or most convenient path often involves skirting around security rules.

Next-Gen DLP.

Machine learning based protections are a step in the right direction towards DLP, though. In fact, one in five (19%) security leaders believes machine learning and intelligent automation is the most effective way to prevent data loss.

Without inhibiting employees or burdening IT teams, machine learning algorithms trained on millions of your own historical email data points can understand normal patterns of employee behavior and accurately and automatically predict when they’re making a mistake or breaking the rules.

Next Generation DLP takes human error out of the cybersecurity equation, protects your people, and empowers them to work safely wherever they are.

The Key Insights.

While sending an email to the wrong person, forwarding company data to a personal email account, or disregarding security policies every now and then may seem inconsequential to employees, these behaviors can and do lead to data breaches.

According to Tessian’s own data and survey results:

1.6x more misdirected emails are sent than IT leaders estimated and unauthorized emails are sent 38x more frequently than estimated.
Employees who receive training once every 1-3 months are almost twice as likely to send company data to personal email accounts as employees who receive training just once a year.
While 91% of IT leaders trust their employees to follow safe data practices while working from home, 48% of employees say they’re less likely to follow safe data practices when working from home.
Dozens more insights in the full report.

Why DLP Has Failed and What the Future Looks Like

Download the full report for even more insights about how to effectively prevent data loss, the challenges associated with remote-working, and the behaviors and attitudes of employees.

Download Now

METHODOLOGY

In addition to using Tessian platform data, we commissioned OnePoll to survey 2,000 working professionals: 1,000 in the US and 1,000 in the UK; additionally OnePoll surveyed 250 IT leaders in the US.

Survey respondents varied in age from 18-51+, occupied various roles across departments and industries, and worked within organizations ranging in size from 2-1,000+.

We also interviewed several IT, security, and compliance professionals with diverse backgrounds, all of whom provided insights that helped frame this report.

Publically available third-party research was also used, with all sources listed in the downloadable PDF.

Midpoints and averages were used when calculating some figures and percentages may not always add up to 100% due to rounding.