New UK survey findings from Exclaimer reveal that email remains the biggest soft spot in enterprise security, even as phishing scams, impersonation attacks and regulatory scrutiny intensify.

According to the survey, UK IT leaders estimate that over half of all organisational communication (52% on average) still runs through email – yet 83% report suffering at least one email-related security incident, with nearly half (49%) hit in the past 12 months alone.

On average, IT leaders have stated that over a third of all security incidents (36%) are email-driven, underlining the inbox as a persistent national attack surface. 

Where accountability matters the most

The strain is reportedly sharpest in sectors where accountability matters the most.

Government bodies are said to be hit hardest, with 92% reporting an email-related breach and over half (56%) in the past year alone – raising concerns about the resilience of public services.

UK IT leaders in finance (87%) and legal sectors (85%) also report exposure to these incidents, underlining how regulation-heavy industries are prime targets.

In tech, where communication is spread more heavily across IM and collaboration tools, three-quarters (75%) still faced inbox breaches.

Exclaimer’s UK State of Business Email Report – which surveyed 1,003 UK IT leaders including CIOs, CTOs, IT managers and security officers – reveals Britain’s inboxes now sit at the intersection of workplace productivity, security and compliance.

The white paper has reported that with so much sensitive communication flowing through them, email is carrying more weight than ever – and without the correct guardrails in place, organisations risk slipping into “Mail Jail,” where each and every message can spark a security, compliance or reputational headache. 

Britain’s inboxes under pressure from attacks

When asked to name their biggest email security challenges, UK IT leaders reportedly put external threats such as phishing, spoofing and spam at the top of their list (cited by 42% of respondents). 

The report states that almost as many highlighted the difficulty of balancing security with ease of use (39%) and ensuring strong encryption (38%).

This is said to underline a balancing act: Keeping inboxes secure without breaking their role as the country’s most indispensable comms tool. 

UK firms are stepping up inbox defences, but maturity varies by sector 

Despite challenges, over four in five UK IT leaders (81%) reportedly view one-to-one email as a critical comms channel – on par with IM and collaboration tools.

It therefore comes as no surprise that UK enterprises are far from passive in the face of phishing and spoofing.  

Exclaimer has articulated that the most common defences now in place are employee security awareness training (cited by 47% of respondents) and email filtering (46%), with multi-factor authentication (41%) also widely adopted.

More advanced measures such as AI-driven threat detection (38%) are reportedly gaining traction, signalling a gradual but broad shift towards layered protection. 
 
Tech companies are furthest ahead, with strong adoption across every major safeguard, from filtering (cited by 63% of respondents) and training (59%) to MFA and AI detection (both 53%).

In the public sector, adoption lags behind, but nearly half (44%) report using MFA – a sign of progress even as training (27%) and AI detection (26%) remain low. 

Email is not fading – it is evolving  

Exclaimer has reported that UK IT leaders are clear that email’s role is far from fading. 

Nearly nine in ten (87%) expect it to remain a primary business communication tool for at least the next five years. 
 
But leaders have reported that it won’t stand still. When asked which trends will have the biggest impact by 2030, the top three were stronger security and encryption standards (45%), tighter integration with real-time collaboration tools (41%) and AI-driven automation (41%).

For heavily regulated industries, this signals a push to make the inbox more auditable and more tightly connected to compliance workflows.

For technology, the emphasis is on automation and integration with the wider productivity stack. 

According to the report, almost nine in ten UK IT leaders (89%) agreed that well-managed email signatures directly contribute to professionalism and client confidence.

“A source of security, compliance and professionalism”

Cary Vidal, VP of IT & Security, Exclaimer said: “Attackers go where the people – and the mistakes – are.

“Our data shows UK enterprises often still treat email as routine plumbing, yet it’s implicated in over a third of security incidents and rising.

“The answer is to apply layered controls, automate the basics and build trust into every message. 

“That’s how organisations turn the inbox from their weakest link into a source of security, compliance and professionalism.”