75% of large organizations suffered a staff-related breach. In the graphical report we reveal the most significant email security risks facing organizations today and three sure ways encryption can mitigate them.

1. HOW MUCH CAN YOU TRUST EMAIL?
The most significant risks and 3 sure ways to mitigate them
Many organizations focus on protecting against external attacks but
ignore a threat that might be even more destructive: Email.
Theft of confidential data for corporate espionage, the disclosure of
trade secrets, material for digital extortion or the release of private
health information to the public can all be gained from email.

3. • The typical employee sends 30 EMAILS A DAY
• One out of every four corporate emails CONTAIN
ATTACHMENTS
• The majority of emails, are openly sent and EASILY
INTERCEPTED. 61% of employees admit sending
confidential information through open email
channels.
Email was the dominant communication mechanism in
2015 with over 116 billion business messages sent a
day. That’s 116 billion chances for sensitive
information to be intercepted – either with malicious
intent or accidentally.
BY 2019, CORPORATE EMAIL ACCOUNTS
WORLDWIDE WILL EXCEED 1.3 BILLION!

4. FINANCIAL
SERVICES
HEALTHCARE
INDUSTRY
OIL & GAS
INDUSTRY
Over 59% of financial
services companies hold
significant amounts of
financial, health and
personal information.
76.7% share the sensitive
data they hold electronically
with business associates.
91% had at least one data
breach involving the loss or
theft of patient data, while
87% of their business
partners experienced a
digital breach of private
information.
70% of healthcare
organizations worry most
about insider misuse.
Given the industry’s
competitive nature,
highly-valued intellectual
property, and broker
transactions ranging in the
millions – the threat to email
is significant and very real.
43% ranked employee
negligence as the top-ranked
security threat.91% 87%59% 76.7%
43%
HIGHLY REGULATED INDUSTRIES ARE PRIME
TARGETS FOR EMAIL SECURITY THREATS.

5. THE CONSEQUENCES OF FAILING
TO ENCRYPT CAN BE SEVERE
857.7 MILLION records have been breached since 2005. This is the
equivalent to roughly 86 million records breached per year, that’s more
than 230,000 records breached on a typical day, and about 187,000
records lost per breach incident.
That’s alarming given the average cost of addressing a data breach tops
$3.8 million US. The cost of a data breach varies by industry. The average
global cost of a data breach per lost or stolen record is $154 US. However,
if a healthcare organization has a breach, the average cost could be as high
as $363 US. As a final comparison, a data breach due to human error or
negligence costs $137 US per record.
• Notification costs: All necessary
activities required to report the
breach to appropriate personnel
within a specified time period.
• Breach response costs: All
activities required to notify data
subjects with a letter, telephone
call, e-mail or general notice that
personal information was lost or
stolen.
• The cost of providing
credit-monitoring
services for at least a year.
• Reputational damage.
• Loss of business.
• Negative publicity:
Extensive media
coverage, further damaging
the organization’s reputation.

6. QUANTIFYING THE
CONSEQUENCES
HARDSHIPS ON CUSTOMERS
• A full 71% of fraud incidents begin less than one week after a
data breach
• $16 billion US stolen from 12.7 million identity fraud victims last year
HARDSHIPS ON BUSINESS
In addition to the costs for addressing data breaches:
• Class actions, regulatory and criminal investigations are here to stay,
as well as individual actions resulting in damage awards.
• Cyber Risk, Liability and Insurance — one which companies are paying
top dollar for with the expectation they will inevitably take a hit.
• Cyber Risk, Liability and Insurance market to hit $10 billion US by 2020.
Less than 50% of high
profile breach costs were
covered by insurance.
(Target & Home Depot)
<50%

7. Email encryption has been around for quite some time, yet
the majority of corporate emails, are sent unencrypted.
WHY?
Encryption methods such as PGP, TLS, S/MIME, Encrypted PDF/ZIP,
and PKI are all valuable, however,
individually, none of the methods can respond to the demands of users.
By offering users CHOICES, not LIMITATIONS,
you dramatically improve experience, security and
enable new business opportunities.
HOW DO YOU
SOLVE THE PROBLEMS?

8. WARNING!WARNING!
Some encryption solutions lack efficient automation and
so do not offer the ability to easily define and apply policies.
Some encryption solutions lack efficient automation and
so do not offer the ability to easily define and apply policies.
Identify privileged communications, as well as content that could
harm your organization's reputation if intercepted. This includes
financial projections or statements, and email messages
that contain confidential information like bids, intellectual
property, medical records or personal data.
This email content represents the majority of risk in most organizations
and is easy to address using policy based encryption triggers.
Policy Based Encryption (PBE) protects email in a way that’s transparent
to users. PBE scans for keywords, regular expressions, lists, and
attachments based on pre-defined definitions to identify elements at
risk, such as credit card numbers, medical information, etc. and then
automatically encrypts as required, eliminating the human element.
STEP 1:
FOCUS ON OBLIGATION TO PROTECT DATA

9. When IT professionals were asked to rate the end user experience for
encryption, only 17% agreed that encrypted emails are easy for
people to open.
When IT professionals were asked to rate the end user experience for
encryption, only 17% agreed that encrypted emails are easy for
people to open.
For email encryption to be accepted and used across an organization,
you need to deploy transparent solutions; recognizing that
users will follow the path of least resistance, encryption solutions
should adapt to your environment and be user experience driven.
THE BEST ENCRYPTION SOLUTIONS WILL:
• Cover all business use cases - offering both push and pull delivery: TLS,
Encrypted PDF, Encrypted ZIP, PGP and S/MIME, and web portal pickup.
• Support the full range of mobile devices with built-in OAuth options:
Google+, Live, O365, Facebook, LinkedIn, Salesforce.
• Include customizable multi-tenancy encryption policies and branding
options. Brand is critical to reputation. It gives your recipients confidence
that the email being sent is legitimately yours.
STEP 2:
FOCUS ON DRIVING USER ADOPTION

10. Cost and ease of key administration can vary between solutions.
Some encryption solutions offer basic key management that require
on premises infrastructure and dedicated IT staff to manage, while
others offer adaptive solutions that provide fully managed on premises,
cloud and hybrid deployment models.
Echoworx's OneWorld encryption makes implementing these three
steps easy. For more information or to book a demonstration visit
our website. https://echoworx.com
STEP 3:
FOCUS ON REMOVING THE COMPLEXITIES
OF KEY MANAGEMENT
SOURCES:
Ponemon Institute's 2015 Global Cost of Data Breach Study
Ponemon Institute's Benchmark Study on Privacy & Security of Healthcare Data
Technavio 2015-2019 Global Email Encryption Market Report
Aon: Trend Snapshot for Financial Institutions 2014
Opswat: White Paper Protecting the Oil & Gas Industry from Email Threats
Javelin Strategy & Research 2015 Identity Fraud Study
About Echoworx
Since 2000, Echoworx has been bringing simplicity and flexibility to encryption. Echoworx’s flagship solution,
OneWorld Enterprise Encryption, provides an adaptive, fully flexible approach to encryption that ensures the privacy
of sensitive messages. Enterprises investing in Echoworx’s OneWorld platform, are gaining an adaptive, fully flexible
approach to encryption, creating seamless customer experiences and in turn earning their loyalty and trust.

12. www.echoworx.com
info@echoworx.com
NorthAmerica 1 800.346.4193 | UK 44 0.800.368.5334
@Echoworx