Zivver, a pioneer in secure communications, has published its latest report, shedding light on critical gaps in email security practices and their alignment with increasing regulatory requirements.
The findings from “Email Security Trends 2025: The Widening Disconnect Between Email Security and Risk Management” highlight the often-overlooked threats in email security, and the scrutiny of regulatory demands on organisations.
Data leak prevention
Landmark directives such as NIS2, DORA, and GDPR demand rigorous risk management, information classification, and data leak prevention, with email firmly in the compliance spotlight. Email is a cornerstone of business communication, with 93% of employees ranking it as “important” or “very important” for their daily work.
Yet, as the sophistication of cyber threats increases and compliance requirements evolve, the risks tied to email usage have become a pressing concern for organisations worldwide.
Inbound and outbound threats
According to the report, which surveyed 400 IT decision-makers and 2,000 employees across the US, UK, Netherlands, France, Germany, and Belgium, over two-thirds of IT pioneers report that vendors are not innovating quickly enough to address emerging risks, and 60% of employees admit to using workarounds to bypass email security policies.
Additionally, only 24% of IT pioneers feel their security spending is very well-aligned with actual risks, leaving organisations vulnerable to both inbound and outbound threats.
Key findings of the report
Other key findings from the report include:
- While 47% of IT pioneers prioritise phishing and inbound threats, two-thirds admit that outbound email mistakes—such as misaddressed emails or improper encryption—cause more significant data losses.
- Over 50% of employees admit to email-related mistakes every few months, and 60% report using workarounds to bypass policies, indicating a need for better tools and training.
- While 73% of employees are aware of the security policies pertaining to email, only 52% adhere to them.
- Only 34% of email incidents are formally reported, leaving IT teams unaware of the full scope of security breaches.
- 54% of employees say they are more likely to make email mistakes when they are busy or overwhelmed, highlighting the need for supportive tools.
Integrating robust solutions
Rick Goud, Co-Founder and CIO of Zivver, said: “Compliance requirements today demand that organisations take a comprehensive view of email security, integrating robust solutions that address both inbound and outbound risks.”
“By embedding security measures into existing workflows and ensuring they align with evolving regulations, businesses can create a safer and more compliant environment for employees. This report offers actionable insights to help organisations align their security measures with today’s challenges while maintaining the trust and productivity that email enables.”