Abnormal AI, the leader in AI-native human behavior security, released a new research report, 2025 State of Misdirected Email Prevention: Keeping Sensitive Data Out of the Wrong Inboxes, revealing that one of the most damaging and overlooked risks in enterprise cybersecurity comes not from malicious attackers, but from human mistakes.

Based on a survey of more than 300 security and IT professionals, the report highlights the growing prevalence and business impact of legitimate messages sent to the wrong recipient—also known as misdirected emails—which can result in data breaches, regulatory violations, remediation costs, and reputational damage.

The research makes clear that this concern is more than theoretical. Ninety-eight percent of security leaders consider misdirected email a significant risk when compared to other risks like malware and insider threats. Those fears are being realized: 96% of organizations surveyed experienced data loss or exposure from misdirected email in the past year, with 95% reporting measurable business impact such as remediation costs, compliance violations, or damage to customer trust.

“This report offers a sobering realization,” said Mike Britton, CIO at Abnormal AI. “The same inboxes attackers target are also the source of accidental data loss within organizations. Enterprises have invested heavily in stopping inbound threats like phishing, but outbound email remains a major vector for human error—one that has historically been overlooked.”

Additional findings include:

  • 47% of security and IT professionals learn of misdirected emails from recipients rather than from security tools.
  • 97% believe behavioral AI can help prevent accidental data loss before it occurs.
  • The average enterprise spends over 400 hours per year managing false positive alerts from data loss prevention (DLP) or email security tools.
  • Misdirected emails accounted for 27% of all data protection incidents under the GDPR last year, contributing to over $1.2 billion in fines worldwide.

The research underscores the pitfalls of traditional email security and DLP tools, built to detect external attacks—not the unintentional data loss caused by internal human error. Behavioral AI, by contrast, models typical communication patterns and can identify deviations that indicate misdirected emails, stopping dangerous activity in its tracks by intervening before sensitive data leaves the organization.

“This is a visibility problem as much as it is a technology one,” Britton added. “Traditional tools can’t differentiate a legitimate customer email from a sensitive message going to the wrong recipient. Protecting data today requires more than defending against external threats—it means understanding and supporting human behavior. Organizations that integrate AI-driven insights with user-centric safeguards are better positioned to prevent mistakes from turning into breaches.”

Source: prnewswire
