Is Email The Biggest Cyber Security Risk You Never Consider?

February 2026

 

Cyber security is on everyone’s mind these days. With headline-grabbing cyber attacks impacting household names from Marks & Spencer to Jaguar Land Rover in 2025, everyone’s aware of the havoc a cyber breach can wreak.

Have you considered where your biggest vulnerabilities are?

If you have, is email on your radar? Email may be your biggest – and most underestimated – cyber security risk. Here we explore why, and what you can do to reduce the threat email poses to your business.

 

Cyber attacks are increasing – and increasing in severity

Cyber attacks are disastrous for the businesses they target – the JLR cyber attack cost the company a reported £196m, before the cost of lost sales – and their ripples are felt across the wider economy. The impact on JLR’s supply chain meant that its shutdown is calculated to have cost the UK economy a whopping £1.9bn.

With impacts like this, it’s not surprising that a cyber attack or data breach was voted the top business risk in 2025.

What are the greatest drivers of cyber security risk?

Perhaps surprisingly, email is a key driver of data breaches and cyber attacks. How can emails impact cyber security? There are a number of ways:

  • Misdirected emails. Emails sent to the wrong address are viewed as a significant risk by 98% of security leaders, while 96% of organisations had experienced data loss and cyber exposure from misdirected emails in the prior year.
  • Phishing attacks. A 2024 report found that 80% of organisations had fallen victim to an email security breach in the past 12 months. Phishing – the practice of inducing individuals to reveal personal information, such as passwords and credit card numbers – has typically been attempted via email attachments, though including deceptive links within the email itself is a growing tactic.
  • Malware can also be delivered via email, infiltrating your systems, causing disruption and often coming with a demand for ransom payment for remediation.

Cyber breaches create significant problems for businesses – with material impacts including the costs of remediation, the effect on customer trust and loyalty, and the compliance consequences.

 

Minimise your risk – start with email

How can you minimise your cyber risk? Based on the findings above, email is a good place to start.

Why does email pose such a cyber security threat? Several reasons:

  • Email is rarely encrypted – information sent via email is therefore prone to being intercepted by third parties
  • Emails are sent to multiple recipients, increasing the likelihood that they are seen by someone they were not intended for
  • There’s no control over an email’s future journey – it can be forwarded to anyone, and there are no metrics to show you that this has happened
  • Email recipients have a propensity to open attachments – even from unknown sources. 82% of UK companies experienced an attempted ransomware attack via email in 2022, and notably, 62% suffered an actual successful infection – many of which originated from malicious attachments

 

These figures illustrate that email attachments remain a dominant and dangerous cyber security threat in the UK. The risk is amplified by:

  • Human trust: users often open attachments from familiar sources (and even unfamiliar ones) without verifying
  • A high attack success rate: a 2024 report found that 94% of ransomware infections stem directly from these attachments
  • Volume of exposure: each user handles dozens of emails daily, multiplying opportunities for compromise

 

How to mitigate email cyber risk

There are steps you can take to minimise and mitigate the cyber risk email poses:

  • Implement advanced email security gateways that scan and quarantine attachments
  • Enforce attachment handling policies – for instance, blocking specific types such as .exe or .js files
  • Run cyber security training to help employees identify malicious email attachments and verify unexpected attachments, even from trusted senders
  • Employ multi-layered defences combining technical controls, user education, and incident response readiness
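
To illustrate the attachment handling policy in the list above, this added Python example (not Perivan's code or any gateway product's) parses a message and returns the attachments whose final extension is on a blocklist. The blocklist holds only the .exe and .js types named above; the function names and the sample message are constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed blocklist: the two types the article names. Extend to match your policy.
BLOCKED_EXTENSIONS = {".exe", ".js"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of attachments whose final extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        if not name:
            continue
        # Normalise before matching: drop trailing dots and spaces, lowercase,
        # and use the last suffix so "invoice.pdf.JS" is treated as ".js".
        cleaned = name.strip().rstrip(". ").lower()
        if PurePosixPath(cleaned).suffix in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits


def build_sample() -> bytes:
    """Constructed sample message with three attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for filename in ("report.pdf", "invoice.pdf.JS", "setup.exe"):
        msg.add_attachment(
            b"placeholder",
            maintype="application",
            subtype="octet-stream",
            filename=filename,
        )
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("quarantine:", name)
```

Extension matching is only the first layer: a renamed file passes it, which is why the list pairs it with gateway scanning of the attachment itself.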

 

Consider more secure alternatives to email

If you want to really beef up your resilience to cyber attacks, you may want to explore routes other than email for sharing information.

When looking to share information securely, many businesses are turning to online data rooms. Originally designed for the sharing of due diligence and other corporate information during the M&A process, companies are realising their wider potential.

While data rooms have significant benefits when it comes to accelerating dealmaking, their high levels of security, alongside their ability to provide reader engagement metrics, have seen businesses using data room technology beyond its original remit, to host and share a wide range of information.

While emails and their attachments – as we’ve detailed above – can end up in the wrong hands, and are inherently less secure as they’re often sent by third-party servers, documents shared via a highly-secure data room travel via a trusted, encrypted route.

And information is shared instantly – no risk of important documents going astray, or getting blocked due to size or recipients’ spam filters, causing communication delays; a data room allows you to share and receive important updates in real time.

 

To find out more about data rooms and how they deliver a secure, data-enabled alternative to email for your documents, you can read up on the features of Engage, Perivan’s data room technology here, or contact us to learn more or arrange a no-obligation demo.