- The majority of UK IT leaders (83%) have faced an email-related security incident – with many warning organisations risk ending up in “Mail Jail” without stronger controls.
- Despite rising threats, email still underpins workplace productivity: over half of all organisational communication (52%) flows through the inbox.
- Nearly nine in ten leaders (87%) expect email to remain Britain’s primary business channel for at least the next five years, cementing its role as both a productivity lifeline and a security challenge.
LONDON–(BUSINESS WIRE)–New UK survey findings from Exclaimer reveal that email remains the biggest soft spot in enterprise security, even as phishing scams, impersonation attacks and regulatory scrutiny intensify. UK IT leaders estimate that over half of all organisational communication (52% on average) still runs through email – yet 83% report suffering at least one email-related security incident, with nearly half (49%) hit in the past 12 months alone. On average, IT leaders say over a third of all security incidents (36%) are email-driven, underlining the inbox as a persistent national attack surface.
The strain is sharpest in sectors where accountability matters most. Government bodies are hit hardest, with 92% reporting an email-related breach and over half (56%) in the past year alone – raising concerns about the resilience of public services. UK IT leaders in finance (87%) and legal sectors (85%) also report exposure to these incidents, underlining how regulation-heavy industries are prime targets. In tech, where communication is spread more heavily across IM and collaboration tools, three-quarters (75%) still faced inbox breaches.
Exclaimer’s The UK Business Email Report – which surveyed 1,003 UK IT leaders including CIOs, CTOs, IT managers and security officers – reveals Britain’s inboxes now sit at the intersection of workplace productivity, security and compliance. With so much sensitive communication flowing through them, email is carrying more weight than ever – and without the correct guardrails in place, organisations risk slipping into “Mail Jail,” where each and every message can spark a security, compliance or reputational headache.
Britain’s inboxes under pressure from attacks, regulation and… employee use?
When asked to name their biggest email security challenges, UK IT leaders put external threats such as phishing, spoofing and spam at the top of their list (cited by 42% of respondents). Almost as many highlighted the difficulty of balancing security with ease of use (39%) and ensuring strong encryption (38%). It underlines a balancing act: keeping inboxes secure without breaking their role as the country’s most indispensable comms tool.
UK firms are stepping up inbox defences, but maturity varies by sector
Despite challenges, over four in five UK IT leaders (81%) view one-to-one email as a critical comms channel – on par with IM and collaboration tools. It therefore comes as no surprise that UK enterprises are far from passive in the face of phishing and spoofing.
The most common defences now in place are employee security awareness training (cited by 47% of respondents) and email filtering (46%), with multi-factor authentication (41%) also widely adopted. More advanced measures such as AI-driven threat detection (38%) are gaining traction, signalling a gradual but broad shift towards layered protection.
Tech companies are furthest ahead, with strong adoption across every major safeguard, from filtering (cited by 63% of respondents) and training (59%) to MFA and AI detection (both 53%). In the public sector, adoption lags behind, but nearly half (44%) report using MFA – a sign of progress even as training (27%) and AI detection (26%) remain low.
Email is not fading – it is evolving
UK IT leaders are clear that email’s role is far from fading. Nearly nine in ten (87%) expect it to remain a primary business communication tool for at least the next five years.
But leaders are clear it won’t stand still. When asked which trends will have the biggest impact by 2030, the top three were stronger security and encryption standards (45%), tighter integration with real-time collaboration tools (41%) and AI-driven automation (41%). For heavily regulated industries, this signals a push to make the inbox more auditable and more tightly connected to compliance workflows. For technology, the emphasis is on automation and integration with the wider productivity stack.
Trust is also part of the picture. Almost nine in ten UK IT leaders (89%) agreed that well-managed email signatures directly contribute to professionalism and client confidence. In sectors where reputation is currency – from law firms to banks – this suggests organisations increasingly see the inbox as both a security risk and a brand asset.
Cary Vidal, VP of IT & Security at Exclaimer, said: “Attackers go where the people – and the mistakes – are. Our data shows UK enterprises often still treat email as routine plumbing, yet it’s implicated in over a third of security incidents and rising. The answer is to apply layered controls, automate the basics and build trust into every message. That’s how organisations turn the inbox from their weakest link into a source of security, compliance and professionalism.”
Resources:
- Download the full The UK Business Email Report
Methodology: This report is based on original research commissioned by Exclaimer in partnership with Censuswide and Clarity, aiming to understand how IT leaders are managing the evolution of business email. The study utilised a quantitative, cross-sectional survey design, supported by qualitative commentary from internal subject-matter experts.
Fieldwork was conducted online between April 4 and April 16, 2025. A total of 4,009 IT professionals were surveyed across four core geographies: United Kingdom (1,003), United States (1,000), Germany (1,006) and Australia (1,000). Respondents were selected using a non-probability sampling approach, targeting individuals actively involved in managing email systems, communication policies or security/compliance infrastructure.
About Exclaimer:
Exclaimer is the leading provider of email signature management solutions for Microsoft and Google email services. Its scalable cloud-based platform enables organisations to centrally manage and automate email signatures, ensuring regulatory compliance, operational efficiency and brand consistency. Built for IT teams, Exclaimer simplifies administration by eliminating manual updates, reducing security risks and maintaining full control over business email communications.
Exclaimer delivers 20 billion email signatures from 9 million email accounts across 70,000 organisations annually. Its diverse customer base includes Sony, Mattel, Bank of America, NBC, the Government of Canada, the BBC and the Academy Awards.
www.exclaimer.com or follow Exclaimer on Facebook, LinkedIn, and X (formerly Twitter).
Contacts
Media relations contact:
[email protected]
[email protected]
