The Kiteworks 2025 Data Security and Compliance Risk Annual Survey report starkly reveals that email remains 16% more vulnerable to breaches than more secure transfer protocols like SFTP, despite being the medium for 90% of sensitive business communications.
For Asian organisations, this gap exposes critical blind spots that demand urgent re-evaluation of defensive strategies.
The report highlights that “email’s architecture was never built for secure data transmission,” underscoring why traditional security fixes remain insufficient.
In Asia-Pacific (APAC) specifically, organisations are nearly 30% more exposed to email-related risks than their European counterparts, a statistic echoed by rising phishing and business email compromise (BEC) attacks targeting major hubs like Singapore and Hong Kong.
These threats are escalating partly because email security adoption is inconsistent; for example, only 12% of APAC firms have implemented essential email authentication protocols like DMARC, leaving them susceptible to spoofing and fraudulent emails.
Importantly, the Kiteworks study exposes how both industry and geography shape breach risk. Defence and security organisations, for instance, face a more than 50% higher likelihood of email-related breaches than industries like life sciences, regardless of the security tools deployed.
This finding emphasises the need for tailored, sector-specific cybersecurity measures.
“Attackers exploit industry- and region-specific weaknesses. Organisations that benchmark against averages instead of their true exposure are flying blind,” noted Tim Freestone, CMO of Kiteworks.
Mitigating human error emerges as a pivotal defence strategy. Proactive interventions that prevent mistakes before they occur—such as real-time alerts for misaddressed emails or sensitive data—can reduce incidents by 41% compared to reactive measures.
These “just-in-time awareness nudges” empower employees to act as the first line of defence without disrupting workflows, offering a significant improvement over traditional post-breach responses.
The report also recommends three core practices for success: proactive human error prevention, zero-knowledge encryption to restrict access even from administrators, and seamless security integration to ensure user adoption rates exceed 95%.
These principles are critical for Asian organisations aiming to enhance resilience amid escalating email threats.
In an era where 60% of breaches originate from employee mistakes and threat actors increasingly exploit regional dynamics, CISOs in Asia must urgently reassess their email risk posture and invest in nuanced, integrated security solutions to safeguard sensitive data and maintain operational trust.