Are Companies Doing Enough to Protect Their Customer Communications?

With cyber attacks accelerating at an unprecedented rate—targeting everything from global enterprises to critical hospital infrastructure—companies need to ask themselves: Are they really doing enough to protect their outbound customer communications?

I spoke with Beyond Encryption Founder & CEO Paul Holland about the challenges of securing digital communications and how businesses can safeguard sensitive customer data amid an evolving threat landscape.

Paul highlights that while many organisations focus on defending internal systems against breaches, they often neglect the risks posed by everyday email exchanges with customers—messages that could contain confidential data and be intercepted or exploited by criminals.

Rising Threats: Are Companies Too Complacent?

Attacks on businesses are growing more sophisticated, with cybercriminals showing no hesitation in targeting critical infrastructure.

Recent data shows the average cost of a data breach reached $4.88 million in 2024 (roughly £3.66m), a 10% increase over the previous year.

These figures highlight the pressing need for organisations to prioritise security in their operations.

"Businesses often react to cybersecurity breaches but fail to proactively address vulnerabilities in their email communications."

— Mike Wakefield, CTO, Beyond Encryption

The average total cost of a ransomware recovery has climbed to $2.73 million (approximately £2m).

These rising costs demonstrate the urgency for robust security measures.

High-profile incidents—such as a major hospital group forced to send patients home due to a cyber attack—show how vulnerable organisations can be.

"It’s a mad world we’re living in," says Paul.

"Hospitals shutting their doors because their systems are down—it’s very sad. It shows there’s always more that can be done."

Most enterprises have invested heavily in stopping inbound threats, like phishing and malware, but Paul notes that outbound customer communications often get overlooked.

Over 300 billion emails are sent every day, making this channel a prime target for cybercriminals.

Outbound emails often carry sensitive personal or financial details, making them a prime target for criminals.

Towards the end of 2022, data breaches rose by 70% globally.

Businesses must take proactive steps to mitigate these threats and protect their customers.

"Email was never invented with security in mind.

With over 300 billion emails sent every day, it’s become the default communication medium—and that’s a huge vulnerability."

— Paul Holland, Founder, Beyond Encryption

Outbound Communication: The Missing Piece in Cyber Defence

Companies often focus on strong internal defences, like data leakage prevention and perimeter security, yet the challenge also involves protecting what leaves the business.

Organisations share sensitive data with customers every day—policy documents, ID verification materials, and financial details.

These exchanges are highly vulnerable to interception without proper safeguards.

Paul emphasises that outbound interactions must be secured with encryption and authentication.

Without that, even the savviest enterprises leave the door open for cybercriminals.

Non-compliance with data protection regulations can lead to hefty fines; for example, SHEIN was fined $1.9 million (roughly £1.4m) after a breach affecting 39 million customers.

"If you’re emailing customers personal information without encryption, you’re effectively inviting criminals to take advantage. It’s your obligation to protect that data."

— Paul Holland, Founder, Beyond Encryption

User Experience and Security: Finding the Balance

For security measures to work, customers must be willing—and able—to use them.

Organisations must provide solutions that prioritise usability alongside robust security.

If a tool complicates the user journey, clients might abandon it, leaving systems vulnerable.

Paul stresses that effective security should be almost invisible, allowing secure, encrypted communication without adding friction.

"We live in a world where we expect tech to be simple and intuitive," he says. "If security is cumbersome, it won’t be adopted. You need solutions that are easy for customers to use."

In fact, 77% of consumers say it’s important to know how their data is collected and used.

When done right, strong security can enhance trust, loyalty, and overall brand reputation.

"Balancing security and customer experience is the cornerstone of any effective communication strategy."

— Emily Plummer, Marketing Director, Beyond Encryption

Educating Customers to Reduce Risk

Fraudsters don’t just rely on brute force; they exploit human weaknesses by impersonating trusted brands or advisers.

Businesses must recognise this and act decisively.

Paul warns that criminals are getting better at tricking people into handing over sensitive information.

To combat this, organisations should teach customers how to communicate safely and give them tools to make secure exchanges simple.

Offering free, secure reply channels helps build good habits and strengthens customer trust.

"If I send you sensitive info securely, I should also let you reply securely.

That closes the loop, making sure neither side of the conversation is vulnerable."

— Paul Holland, Founder, Beyond Encryption

Regulatory Compliance and Security Obligations

With strict data protection rules like GDPR, businesses must go beyond the basics.

Encryption, identity checks, and secure delivery are non-negotiable.

Failure to comply can lead to severe financial penalties and damage a company’s reputation.

Adopting top-notch security measures sends a clear message: “We value and protect your data,” and helps maintain customer confidence.

Secure Communication Methods

To protect outbound communications, businesses can implement encryption and multi-factor recipient authentication.

These tools effectively reduce the risk of data breaches and keep sensitive information confidential.

Looking Ahead: Identity, Authenticity, and Future Threats

As threats evolve, identity verification becomes a key part of secure communication.

Knowing the recipient’s identity is critical, and the same applies in reverse.

Future solutions will fit smoothly into workflows, using encryption, AI-driven analytics, and flexible authentication methods.

The rise of hybrid work makes this even more important.

With the global cybersecurity market value forecast to reach $424.97 billion (approximately £318 bn) in 2030, organisations must stay ahead of emerging threats and adapt their defences.

This includes investing in tools that offer both adaptability and comprehensive protection.

When remote work contributes to a breach, the average cost increases, underscoring the need for flexible, secure communication solutions.

"Organisations must not only invest in secure technologies but also create a culture of security awareness among employees."

— Adam Byford, CCO, Beyond Encryption

FAQs

What Is Email Encryption?

Email encryption is the process of converting email content into a code to prevent unauthorised access.

Why Is Encrypting Emails Important?

Encrypting emails ensures that sensitive information remains secure, even if intercepted during transmission.

How Can Businesses Protect Outbound Emails?

Businesses can implement tools like encryption and multi-factor authentication to safeguard outbound communications effectively.

What Are the Risks of Unencrypted Emails?

Unencrypted emails can be intercepted by cybercriminals, exposing sensitive data such as personal or financial details.

What Steps Should Companies Take to Ensure Email Security?

Companies should adopt encryption, educate employees about secure communication, and invest in user-friendly security tools.

References

Cybersecurity Statistics, Varonis, 2024

Number of Sent and Received E-Mails per Day Worldwide From 2018 to 2027, Statista, 2024

What Are the Benefits and Risks of Keeping Customer Data Secure?, Metomic, 2024

Breaking the Breach Cycle: Why Secure Internal Communication is Non-Negotiable for Hybrid Teams, theEMPLOYEEapp, 2024

Reviewed by

Sabrina McClune, 18.12.2024

Sam Kendall, 18.12.2024