Misaddressed Emails Are Today’s Top Cyber Threat – SafeSend Catches Them Before They Happen by

Updated on: May 5, 2025

Human mistakes in email communication are an invisible but massive risk which traditional security tools barely address.

In this exclusive interview with SafetyDetectives, Usman Choudhary, Chief Product and Technology Officer at VIPRE Security Group, explains why misaddressed emails are one of today’s biggest cybersecurity threats, and why training employees alone isn’t enough to prevent it.

He shares how VIPRE’s unique solution, SafeSend, interrupts mistakes before they happen, empowering employees and reducing IT overhead.

In 2-3 sentences, why does your company exist? What’s the fundamental pain point or flaw in your industry it was designed to solve?

Protecting what’s most important for organizations, from families to businesses, is our biggest priority and why VIPRE is focused on providing modern, enterprise-level security solutions that excel at protecting people and productivity while also providing solutions to small businesses and individuals that have different requirements and needs than large-scale enterprises.

Supporting individuals and smaller organizations with powerful security defenses improves the security of everyone. We are always exploring approaches that will have the most impact on an organization’s security, potentially plugging gaps in an organization’s security defenses, including our data loss awareness application, SafeSend.

Going more into details, what makes this problem so severe in your industry that you set out to create your own solution to solve it?

Human error remains a top cause of data leaks, and one of the most risky mistakes today is the unintentional sharing of confidential information through misaddressed emails or mistaken file attachments.

In recent surveys, up to 58% of employees admitted sending emails to the wrong person.

In a typical enterprise with 5,000 employees sending about 190,000 emails daily, even a 0.05–0.1% error rate leads to 23,750 – 47,500 misaddressed emails annually.

It’s hence no surprise that misaddressed emails are a leading cause of data breaches. According to the UK’s Information Commissioner’s Office (ICO), wrong email sends accounted for 18% of reported breaches over a three-year period, surpassing even phishing attacks.

And the risks go beyond breaches: there are regulatory violations, brand damage, and financial penalties at stake.

What kind of people or organizations are most affected by this issue, and why are they still stuck with it? What are the risks of not solving this problem?

Healthcare organizations, financial institutions, law firms, government bodies, and educational institutions are among the most vulnerable:

• Healthcare organizations manage vast amounts of personal health information (PHI). Misdirected emails from these organizations can lead to violations of privacy regulations like HIPAA, resulting in substantial fines and loss of patient trust.​
• Banks, insurance companies and other financial institutions handle sensitive financial data. A misdirected email can expose confidential client information, leading to regulatory penalties and reputational damage.​
• Law firms deal with confidential client information and legal documents. An email sent to the wrong recipient can breach attorney-client privilege and compromise legal strategies.​
• Government bodies often handle classified or sensitive information. Misdirected emails can lead to national security risks or public trust issues.​
• Educational institutions manage student records and research data. Sending information to unintended recipients can violate privacy laws and affect institutional credibility.

Many of these organizations still underestimate how often human error occurs, and rely on traditional solutions that don’t truly address the root problem.

What’s everyone else doing to solve this problem, and why do you think these solutions are flawed? What should they do instead?

Current approaches either react too late or overload already stressed IT teams.

Most organizations rely on user training alone. But training doesn’t account for reality: employees get distracted, stressed, or rushed, and mistakes happen anyway.

It’s easy, for example, to lose track of CC’d and BCC’d recipients, opening up the possibility of including the wrong recipient(s). Autocomplete does not help in these situations, as it can suggest someone the employee was not intending to email. This happens especially when the names of recipients are very similar to other contacts.

Some companies also implement DLP (Data Loss Prevention) platforms that block risky emails after they’re sent. But these systems generate a flood of alerts that security teams — often understaffed — must manually review, creating bottlenecks and inefficiencies.

How does your solution fit into what you suggested, and how is your approach fundamentally different from what’s already out there? What’s the #1 thing you do that competitors CAN’T or WON’T do?

Differently from traditional DLP software, SafeSend stops employees before they send an email. It interrupts the sending process with an intuitive pop-up that forces employees to review recipients and attachments carefully before proceeding.

This simple pause reduces mistakes dramatically and relieves the burden on IT teams who would otherwise have to monitor and manage risky sends after the fact. And less work for IT teams means immediate cost savings.

Lastly, it also turns every email interaction into a mini training opportunity, building better habits over time without overwhelming employees or security teams.

What’s the BIG vision for the future of your company? What’s in your roadmap, and how will these updates improve your clients’ lives?

We want digital loss awareness to become a common part of an organization’s technological security defenses. Supporting this goal, we continue to invest in SafeSend to expand the use cases that it addresses across a variety of industries.

Some of the features we expect to release in the next year include:

• Advanced Analytics & Reporting:
  Deeper reporting provides valuable insights into how employees are interacting with SafeSend and how well it is addressing an organization’s vulnerabilities.
• Customizable notifications:
  Provides clients with more customization options that allow them to align notifications to their specific organizations’ policy and procedures.
• Support for 30 + Languages:
  Many global organizations have locations spread out across the world that speak a variety of languages.
• Mobile device coverage:
  Many employees use their mobile devices to access work emails. We will address this gap by providing the same DLA capabilities to mobile devices.
• AI capabilities:
  AI will help flag email activity that deviates from typical, historical email behaviors, potentially indicating an insider threat or compromised account.