Zivver, a leader in secure communications, has published its latest report, shedding light on critical gaps in email security practices and their alignment with increasing regulatory requirements. The findings from Email Security Trends 2025: The Widening Disconnect Between Email Security and Risk Management highlight the often-overlooked threats in email security, and the scrutiny of regulatory demands on organisations.
Landmark directives such as NIS2, DORA, and GDPR demand rigorous risk management, information classification, and data leak prevention, with email firmly in the compliance spotlight. Email is a cornerstone of business communication, with 93% of employees ranking it as “important” or “very important” for their daily work. Yet, as the sophistication of cyber threats increases and compliance requirements evolve, the risks tied to email usage have become a pressing concern for organisations worldwide.
According to the report, which surveyed 400 IT decision-makers and 2,000 employees across the US, UK, Netherlands, France, Germany, and Belgium, over two-thirds of IT leaders report that vendors are not innovating quickly enough to address emerging risks, and 60% of employees admit to using workarounds to bypass email security policies. Additionally, only 24% of IT leaders feel their security spending is very well-aligned with actual risks, leaving organisations vulnerable to both inbound and outbound threats.
Other key findings from the report include:
- While 47% of IT leaders prioritise phishing and inbound threats, two-thirds admit that outbound email mistakes—such as misaddressed emails or improper encryption—cause more significant data losses.
- Over 50% of employees admit to email-related mistakes every few months, and 60% report using workarounds to bypass policies, indicating a need for better tools and training.
- While 73% of employees are aware of the security policies pertaining to email, only 52% adhere to them
- Only 34% of email incidents are formally reported, leaving IT teams unaware of the full scope of security breaches.
- 54% of employees say they are more likely to make email mistakes when they are busy or overwhelmed, highlighting the need for supportive tools.
Rick Goud, Co-Founder and CIO at of Zivver said: “Compliance requirements today demand that organisations take a comprehensive view of email security, integrating robust solutions that address both inbound and outbound risks. By embedding security measures into existing workflows and ensuring they align with evolving regulations, businesses can create a safer and more compliant environment for employees. This report offers actionable insights to help organisations align their security measures with today’s challenges while maintaining the trust and productivity that email enables.”
To read the full report you can download a copy here.