Are people unaware of the dangers of email? Or are they choosing to ignore the risks? This report highlights consumer email security practices to help businesses foster secure communication that protects customer data.
⬇️ Download the report in PDF format
In recent years, the shift towards digital services has significantly transformed business communications.
With an estimated 361.6 billion messages sent and received daily, email remains the most prevalent online communication tool for both personal and professional interactions.
Despite its convenience, email is inherently unsecured.
Do consumers understand the risks of their emails being intercepted? Are they taking the necessary steps to protect themselves?
This report reveals key findings from a survey exploring UK consumers' knowledge and behaviours regarding email security threats.
The research provides insights into consumer awareness of email security issues, their communication preferences, and their concerns about sustainability.
Generational and demographic differences also play a role in the findings.
The results indicate a substantial gap between individuals' perceived awareness of email security and their actual practices.
Many believe they are informed about email security risks but lack basic knowledge and fail to take proper precautions.
Nearly three-quarters of UK adults think they understand the risks of using email, yet they do not adequately protect their data.
This problem is often exacerbated by businesses, as 73% of consumers have been asked to share personal data over email by a professional services provider.
More than half of consumers have shared personal data via email.
Three-quarters of UK adults feel they are knowledgeable about cybersecurity threats.
73% of consumers have been asked by a professional services provider to share personal data over email.
One-quarter of UK adults have accidentally shared personal data with the wrong recipient via email.
27% of respondents believe email is secure.
Seven in ten UK adults think businesses should reduce postal communications to lower their carbon footprint.
Methodology Beyond Encryption partnered with 3Gem Media Group to survey 2,000 UK adults between the 17th and 20th of February 2023. Quotas on age, gender, and region ensured the sample represented all UK adults aged 18 and older. |
Personal data, often referred to as personally identifiable information, includes any data that can identify an individual when used alone or with other information.
Protecting personal data is crucial to safeguard identities from fraud and theft. But do consumers understand the threats against their data, and are they taking the right steps to stay safe?
Our research shows a significant disconnect between perceived and actual cybersecurity awareness.
Nearly three-quarters of UK adults (73%) believe they are aware of online threats like phishing, malware, and password attacks.
Further questioning reveals that 65% of UK adults feel confident they can identify a phishing scam. However, less than half (45%) understand the term ‘end-to-end encryption’, and 13% have never heard of it.
Given that encryption is a key method for protecting sensitive information online, this lack of understanding is concerning.
Most respondents (85%) think they take steps to protect their personal data from cybersecurity threats online.
Yet, a deeper look shows a clear gap between consumers' perceptions and their actions.
About a quarter of UK adults change their most commonly used online passwords monthly, despite guidance from the National Cyber Security Centre advising against frequent password changes due to the risk of choosing weaker, memorable passwords.
Only a third update their antivirus software monthly, and 13% don't use antivirus software at all.
Email was never designed to be secure. Information transmitted through email can be intercepted or accessed by third parties, putting individuals' identities at risk.
Are consumers aware of these dangers, and do they still feel comfortable using email to share personal data?
Survey results show that 27% of respondents feel email is protected and secure, meaning 73% recognise it is not. Yet, over half have shared personally identifiable information via email, with 55% doing so in the past three months.
This suggests consumers are willing to send sensitive data over email, likely due to its widespread use and convenience, and because many businesses still rely on it for customer communication.
Among those who have shared personal data via email, nearly half (47%) sent their full home address, three in ten shared bank details, and at least a quarter shared their passport, driver's licence, or National Insurance Number.
If intercepted, this information could lead to identity theft or financial fraud, with potentially severe and long-lasting impacts on consumers and businesses.
A quarter (24%) of UK adults have accidentally sent personal data to the wrong recipient, with most incidents (16%) occurring in the past three months. This number is likely higher as many may not realise their mistakes.
Since the pandemic, digital communications have become essential for businesses and consumers, with customer choice playing a key role in engagement and retention. So, what communication channel do consumers prefer when interacting with businesses?
Email tops the list, with 39% of those surveyed preferring it for communication with a business they have an existing relationship with.
This surpasses preferences for a company's mobile app, chosen by 30% of consumers. Only 16% prefer an online portal, and 13% prefer post.
Other preferred methods include phone calls, SMS messages, and face-to-face interactions.
Despite only 13% of consumers preferring postal communications, the volume remains high. Royal Mail delivered nearly eight billion letters last year alone.
Postal communications have a significant carbon footprint, requiring considerable resources for manufacturing, processing, and transporting letters and packages.
Each tonne of post is estimated to generate around three tonnes of CO2e, which also impacts businesses' bottom lines.
Seven in ten (69%) UK adults believe businesses should reduce postal communications to lower their carbon footprint, with 32% strongly agreeing and only 8% disagreeing.
With the rise in cyber-attacks, it is crucial that businesses follow industry guidelines to protect customer safety.
Companies that ask customers to send sensitive information without securing it are not only risking data breaches but also facing potential fines and reputational damage.
Guidance from the Information Commissioner’s Office (ICO) and other regulatory bodies mandates that businesses must secure and encrypt sensitive data. Despite email being the preferred communication channel for many consumers, companies are often failing to implement the necessary protections.
Which businesses are asking for personal data via email? Nearly three-quarters (73%) of consumers have been asked by a professional services provider to share personal data over email.
Among those who have done so, a quarter (25%) were asked by health professionals, a fifth by financial advisers (21%) or estate agents (19%), and one in six by legal professionals (16%) or accountants (15%).
Respondents also mentioned:
The research delves into how generational divides impact approaches to cybersecurity, email usage, and communication preferences.
Cyber Awareness and Actions:
Baby boomers show the least confidence in their cybersecurity knowledge and actions, with only 66% feeling confident in their ability to protect against threats, compared to the average of 73%.
15% of baby boomers are unsure or not confident in spotting a phishing scam, and six in ten have little understanding of end-to-end encryption. Despite this, they are the most diligent about updating their antivirus software monthly.
In contrast, Gen Z shows a more relaxed attitude toward cybersecurity, with 14% never changing their passwords and 18% not using antivirus software.
Email and Personal Data:
When it comes to digital communications, baby boomers are the most sceptical, with 40% believing email, WhatsApp, SMS, and Facebook Messenger are not secure.
Conversely, Gen Z is the most trusting, with only 17% expressing doubts about these platforms' security.
Regarding email specifically, baby boom ers are the least likely to send personal data, with over 60% saying they have never done so (compared to the overall average of 47%). Additionally, less than 10% have mistakenly sent personal data to the wrong person.
In comparison, over 30% of Gen Z have shared personal data via email in the past four weeks, followed by millennials (21%) and Gen X (11%). Gen Z is also seven times more likely than baby boomers to have accidentally sent personal data to the wrong person, and twice as likely compared to the population average.
Choice of Communication:
Although email ranks highest for all generations, Gen X and Gen Z differ in their preferred methods:
Baby boomers are the least concerned about sustainability, with only 61% agreeing that businesses should reduce postal communications to lower their carbon footprints. This compares with 73% for Gen Z and millennials and 72% for Gen X.
Which Region Has the Best Cybersecurity Practices?
Analyzing data by region, Wales shows the highest confidence in cybersecurity knowledge and practices:
Welsh participants are also the most sceptical about the security of digital communications, with 37% doubting the safety of WhatsApp, email, SMS, and Facebook Messenger.
This aligns with their actions, as nearly 60% have never sent personal data via email. Among the 41% who have, 90% have never sent it to the wrong recipient.
Which Regions Have the Most Misaligned Cybersecurity Perceptions?
The regions with the highest confidence in their cybersecurity knowledge but the lowest levels of protective action are the West Midlands and Northern Ireland.
Northern Ireland shows high awareness of encryption (62%) and online threats (78%), but participants there are among the least proactive in protecting their digital assets.
They update their antivirus software the least and are the most likely not to use it at all.
West Midlands respondents are confident in their understanding of encryption and phishing scams, yet are the second most likely to send personal data via email (60% compared to an average of 53%) and to accidentally send it to the wrong recipient (32% compared to an average of 24%).
Which Region Has the Worst Cybersecurity Practices?
London shows the poorest performance in securing personal data. Londoners are the most likely to send sensitive data via email, with 67% doing so compared to an overall average of 53%.
They are also the most likely to send emails containing personal data to the wrong recipient, with 43% having done so and at least 20% doing so in the past month.
Londoners frequently send personal data via email, with 40% sharing their passports and home addresses and 30% sharing their bank details.
Despite these poor practices, Londoners prefer email communication (42%) and strongly support reducing postal communications (74%).
Gender comparisons show distinct differences in cybersecurity awareness and behaviours. The data indicates that:
However, while men seem more familiar with technical cybersecurity aspects, their email habits are worse.
58% of men have sent personal data via email, a 10% increase compared to women (48%), and men are twice as likely as women to have accidentally sent personal data to the wrong person (32% compared to 16%).
Women are more distrustful of digital communications, with 36% finding none of the options secure compared to 22% of men, and only 24% of women believe email is secure compared to 29% of men.
The rapid digital transformation makes balancing security and efficiency challenging for businesses aiming to engage customers, especially given the varying preferences and behaviours across demographics.
Understanding consumer attitudes towards cybersecurity and preferred communication methods is crucial for meeting customer demands and ensuring data security.
Despite awareness of email's risks, consumers continue to send personal data via this channel, often for convenience or due to business practices encouraging it.
As email is the preferred communication method for 39% of respondents, businesses must offer secure communication channels to protect sensitive information.
Implementing a secure email solution with encryption and authentication is essential for ensuring the safety of sensitive data.
Businesses that can balance consumer preferences with robust security measures will thrive in the evolving digital landscape.
— Paul Holland, CEO, Beyond Encryption
"Personal data is a vital part of our digital identities.
When transacting online, we must share personal data to prove ‘we are who we say we are’.
However, with rising cyber threats, protecting our data is increasingly challenging.
Frequent and high-profile data breaches suggest more needs to be done to secure our data exchanges. Email, in particular, remains a major concern.
Despite its unsecured nature, email is used globally for both transactional and personal communications.
One would assume this would increase awareness of email’s risks. Yet, it continues to be the leading cause of data breaches.
Evidence shows that a concerning number of individuals and businesses share personal data via email, including highly sensitive information like passports and bank details.
This report highlights current consumer email security practices to help businesses understand how to foster secure communication that protects customer data.
The results indicate a need for better consumer education on email security and the importance of safeguarding personal data.
We must ensure we do everything possible to protect our personal information as a society.
It’s not just up to consumers to keep their data safe, but also businesses to provide secure communication methods.
Only by working together can we keep data secure from risk."
⬇️ Download the full PDF report
Daily Number of Emails Worldwide, Statista, 2023
Problems with Forcing Regular Password Expiry, National Cyber Security Centre, 2023
Sam Kendall, 14.06.24
Sabrina McClune, 14.06.24