top of page

Calculating Data Risk: Accidental File Delivery Via Email

A new tool that combines available data with your organization’s metrics reveals your data risk due to accidental email deliveries.

First in a series showcasing results of the mxHero ROI Calculator

Over most of the last decade, mxHero has worked at the intersection of email and cloud storage services (e.g., Box, Egnyte, OneDrive, etc.). During this time, we have published research regarding the impact of email on corporate security, governance, productivity, and cost savings. One of our focus areas has been on the effects of email attachments on data risk and cybersecurity.

Often overlooked as innocuous, email attachments are anything but. In a world reeling with challenges, cybersecurity proves elusive and is crippling organizations of every size. Increasing amounts of critical resources are being diverted towards securing our digital assets. Despite record investments in cyber-security, we see a record number of breaches and record amounts paid as ransom to cybercriminals. One would be excused in viewing today’s cybersecurity efforts as futile. [DDI] It is our observation that the habitual use of the email attachment, a 50-year-old technology, is a root cause of the indefensibility of today's organization.

Based on our research, we have created an online calculator that allows organizations to input their own metrics and measure how email attachments impact data security and infrastructure costs, among other areas.

We aim to shed light on the true costs and dangers of continued use of unsafe email attachments. Based on our research, we have created an online calculator that allows organizations to input their own metrics and measure how email attachments impact data security and infrastructure costs, among other areas. The calculator generates a freely accessible spreadsheet sheet that includes the methodology, formulas, and results to permit further tweaking and analysis.

Calculator: (includes the source XLS download)

This article is the first where we discuss the methodology behind key findings of the calculator. In this article, we focus on two of the Data Risk statistics, namely, “Files sent as attachments to unintended recipients/year” and “Emails sent to unauthorized personal accounts (user/year).” In other words, how many mistaken and unauthorized deliveries of files are being made because of email. This is a critical metric. Most of us can instinctively relate to this risk, having misguided emails ourselves. What is surprising is how often this occurs. In a Tessian study cited by CISO Magazine, the number of accidentally addressed emails occurred, on average, 130 times per week in large enterprises! [Tessian, CISOMag]

By combining data of the number of files transmitted through email with the number of accidentally addressed messages, we arrive at the following statistics for a 1,000 employee company. The calculation is as follows:

211 files being sent to the wrong recipients per year in an organization with 1,000 employees.

Multiplying each of the entries above reveals that for a 1,000 employee organization, approximately 211 files are sent to mistaken recipients. In a time when a single file can mean stiff fines, leaked strategy, or compromised security, these numbers are worrisome.

Doing a similar calculation for the number of unauthorized deliveries of attachments, we get:

5,898 files being sent to unauthorized email accounts per year in an organization with 1,000 employees.

For organizations that handle sensitive information, whether regulated personal identifiable information (PII), intellectual property (IP), or other sensitive information, the implications are sobering and help explain the daily news cycle of data breaches.

Screenshot from the mHero ROI Calculator. Estimation based on an organization with 1,000 users.

How to Protect Data From User Mistakes

The great news is that organizations can significantly mitigate the accidental loss of data due to email attachments by stopping the use of 50-year-old email attachment technology and adopting modern file sharing (aka, cloud storage). Email attachments provide for no recourse once the send button is pressed. Unlike email attachments, cloud storage file links allow for access controls and revocation, even after delivery. With tools like mxHero's Mail2Cloud platform, the appropriate access controls can be automatically assigned based on the sender, recipient, and content. When mxHero is added to best of breed cloud content platforms, like Box, additional security is provided. Box cloud storage adds the ability to scan files for PII (personally identifiable information) and auto-classify content for different regulatory regimes, like FINRA, GDPR, etc. - automatically ensuring that attachments are correctly restricted. None of this is possible with standard email attachments.

mxHero leverages popular cloud storage services to ensure that an email accidentally sent to (instead of automatically prevents inappropriate access to files.

Email attachments should no longer be used

Email attachments, designed in the early 70s, are no longer adequate for file sharing in today’s business environment. The modern alternative is here in the form of cloud storage file links. With tools like mxHero, organizations can move away from unsafe email attachments without requiring users to adopt new user habits.


bottom of page