Email recipient errors leading to customer losses for a third of businesses

Research from Tessian has revealed that nearly a third (29%) of businesses have lost a client or customer as a result of email recipient errors

The Psychology of Human Error report from Tessian revealed that two in five respondents (40%) have sent work emails to the wrong person, while 39% of employees have sent an email with the wrong attachment in the last 12 months.

As well as reporting accidental data loss to customers — something 35% of respondents said they did — businesses also had to report the incidents to regulators.

In fact, the number of breaches reported to the Information Commissioner’s Office (ICO), caused by data being sent to the wrong person on email, was 32% higher in the first nine months of 2021 than the same period in 2020.

Pressure and distractions key factors

When asked why emails were sent to the wrong person, exactly half of employees said they were under pressure to send the email quickly — up from 34% in 2020.

49%, meanwhile, said they weren’t paying attention, versus 36% in 2020, and 47% said they were distracted — up from 41% in 2020.

Academics who contributed to the report suggest increases in mistakes caused by stress and distraction could be linked to changes to working environments over the past 18 months.

Jeff Hancock, professor of communication at Stanford University, explained: “With the shift to hybrid work, people are contending with more distractions, frequent changes to working environments, and the very real issue of Zoom fatigue — something they didn’t face two years ago.

“You also have to consider the impact that the Great Resignation is having on people’s workloads. When stressed, distracted and tired, people’s cognitive loads become overwhelmed and that’s when mistakes happen.

“Businesses, therefore, need to understand how factors like stress affect people’s cyber security behaviours and take steps to support employees so that they can work productively and securely.”

A loss of trust

While the percentage of employees who made email recipient errors has dropped 8% since July 2020, the impact of incorrect email recipients on customer trust have become more severe.

The percentage of respondents who stated their business lost a customer or client due sending an email to the wrong person increased from 20% in 2020 to 29% in 2021.

Additionally, 21% of employees said they lost their job after making the error – up from 12% reported in 2020.

With harsher consequences in place, Tessian’s report reveals fewer employees are reporting their mistakes to IT — one in five (21%) didn’t report security incidents, versus 16% in 2020, resulting in security teams having less visibility of threats in their organisation.

“Rewards are far more effective than punishment. If employees feel uncomfortable in reporting security mistakes, security teams will never have full visibility into these threats,” said Josh Yavor, chief information security officer at Tessian.

“So rather than scaring employees into compliance, encourage employees to engage with security by creating positive security experiences so that you can cement a partnership mindset between security teams and staff. Those positive incentives will help combat security nihilism and build strong security cultures.”

Tessian’s Psychology of Human Error report surveyed 2,000 working professionals: 1,000 in the US and 1,000 in the UK, aged 18 to 51+, in January 2021. The full study can be found here.

Related:

Addressing insider threats: how board members can maintain cyber security — Paul Stark, general manager, UK at OnBoard, discusses how board members can address insider threats by maintaining cyber security.

Why email is still the most significant vector that attackers exploit — Chris Powell, head of cyber labs at 6point6, explores why email remains the most significant attack vector that attackers exploit.