IT professionals in the finance sector are often unaware, when the conversation turns to email security, that the majority of data leaks are caused by employee behaviour. The latest security incident reports from the UK privacy regulator, the Information Commissioner’s Office (ICO), quantify the extent of the problem. Its Q3 and Q4 figures show that from 1 October 2020 to 31 March 2021, 60% of data leaks reported by finance, insurance and credit firms were caused by a non-cyber security incident, for example ‘Data emailed to incorrect recipient’, ‘Failure to redact’ and ‘Failure to use bcc’, all three of which are human errors. This is in stark contrast to the common misconception that phishing and hacking are the main causes of data leaks.