For years, email security has been treated as a front door problem. The focus has been clear: stop malicious emails getting in, block phishing, filter spam, and prevent users from ever interacting with harmful content. It’s a logical approach, especially when you consider that over 90% of cyberattacks still begin with an email.
However, a quieter and equally significant risk has been growing in parallel. The question is no longer just how we secure inbound email, but whether we are thinking about email security as a complete system at all. Because what leaves the organisation can be just as impactful as what comes in.
At Gradian the message we have a clear message we keep coming back to: inbound and outbound threats are two sides of the same coin.
You can't protect your organisation by only looking in one direction. Locking the front door while leaving the back door open, means you still have a problem. That's why our approach brings both disciplines together - using best-in-class technology for each side of the challenge, under a single strategic conversation.
"We've seen organisations struggle when they treat inbound and outbound email security as separate projects. It's not about choosing between approaches - it's about recognising they're part of the same security evolution." says Richard Croker, Sales Manager at Gradian.
The Inbound Battlefield Has Changed
Traditional secure email gateways were built differently, when threats were easier to identify and largely confined. That world no longer exists. Today's attacks are highly targeted and often delivered through legitimate or compromised infrastructure. With more than 3.4 billion phishing emails sent every day, attackers are no longer relying on volume alone, but on precision.
The shift to cloud platforms such as Microsoft 365 has further changed the dynamic. Security has moved closer to the user, and detection is no longer a single checkpoint but an ongoing process. Microsoft's native tooling, particularly Defender for Office 365, plays a central role in this new model - providing strong baseline protection and, crucially, the ability to identify and remediate threats after they have already reached the inbox.
Yet even with these advances, one truth remains: no single layer is catching everything. This is why organisations continue to adopt layered security approaches, combining native protections with additional tooling to improve detection and visibility. Which raises an important question: are these layers a sign of resilience, or are they compensating for gaps that still exist?
Gradian partners with Abnormal Security as a key solution for inbound email protection. Rather than relying on signatures or static rules, Abnormal builds a deep behavioural baseline of every identity in your environment - understanding how your people communicate, what's normal, and what isn't. When something deviates from that baseline, it gets caught. It deploys via API in minutes with no complex configuration, and we know from experience that it catches attacks within days of deployment that traditional tools completely miss.
Take a look at our video playlist showcasing some of Abnormal's key features:
The Outbound Problem: Data You Don't Know Is Leaving
While inbound threats dominate headlines, outbound risk is often underestimated. Outbound incidents are typically accidental, driven by human error rather than malicious intent, and therefore harder to detect using traditional security models.
Human error is responsible for as much as 70–80% of data breaches, and misdirected emails or incorrect attachments remain one of the most common causes of data loss. These are not sophisticated attacks, but simple mistakes. Sending sensitive information to the wrong recipient, attaching the wrong document, or including data that should never leave the organisation all create an outbound problem, with the average cost of a data breach now exceeding $4 million globally - even a single mistake can carry serious financial and reputational consequences.
This raises a critical question: if most data loss is unintentional, are we focusing our efforts in the right place?
Legacy DLP tools, built on static rules and keywords, catch only a fraction of these incidents. More than 60% of organisations use some form of DLP, yet many still struggle with high false positives and a lack of contextual understanding with the tools themselves being difficult to operate. Security controls that introduce too much friction can make matters worse. If tools slow people down or interrupt their workflow, they are more likely to be ignored or bypassed.
The most effective approaches are shifting away from rigid enforcement toward guidance - providing real-time prompts, understanding user intent, and helping individuals make better decisions in the moment. Outbound security becomes less about restriction, and more about enablement.
This is where Concentric AI changes the conversation. Rather than asking your team to write hundreds of rules to define what's sensitive, Concentric's Semantic Intelligence platform understands the actual meaning and business context of your data - across structured and unstructured formats, on-premises and in the cloud, at rest and in motion. It discovers what you have, classifies it accurately, and protects it wherever it travels.
The outbound threat landscape has also evolved in a new and critical direction. The rise of GenAI tools in the workplace has created an entirely new risk surface - employees sharing sensitive prompts with thousands of public AI applications such as ChatGPT. Concentric AI covers this risk too, alongside traditional email, file sharing, and social media channels.
We explored this in depth in our recent webinar - Visibility is Key: Addressing Data Risk in the Age of AI. Watch it here:
Why You Can't Have One Without the Other
The coin metaphor is deliberate. A coin has two sides - but it's still one coin. Inbound threat prevention and outbound data protection aren't two separate projects. They're two dimensions of a single, unified email security strategy, and the risks on each side are more connected than many organisations realise.
A phishing email that bypasses controls can lead to account compromise and, ultimately, outbound data exfiltration. Likewise, an accidental data leak can expose information that fuels future inbound attacks. Everything is connected, yet many organisations still approach these challenges independently.
When Gradian works with an organisation on email security, we don't start with a product. We start with a conversation about the full picture: What are your biggest inbound risks? What sensitive data matters most? Where are the gaps between your current tools? What does your compliance posture require?
From there, we bring in the right capabilities. With our world-class expertise and ability to pick the tools that work best for you, we can deliver something most organisations are still missing: genuine, end-to-end email protection.
Are inbound and outbound still treated as separate initiatives in your organisation? We'd love to chat - drop one of our team a message to continue the discussion or gain insight from our specialists.
.avif)
