World Cloud Security Day is 3 April 2026.
Exclaimer is reminding organisations to prioritise email communications governance on World Cloud Security Day. Most organisations are focused on securing access to their cloud systems, but far fewer are asking a more difficult question: what happens after a user hits send? According to Exclaimer, one of the most under-governed areas of enterprise communication is outbound email.
Email: widely used but least consistently governed
Email continues to sit at the centre of modern business operations, yet it is also one of the most widely used and least consistently governed communication channels. Research reveals that the average cost of a significant cyber attack to a UK business is almost £195,000; when scaled to an annual UK cost, this amounts to £14.7 billion. These findings highlight how gaps in visibility and control persist across the enterprise, including in how communication is created and sent.
Cloud security has matured significantly when it comes to controlling access to systems, but governance of communication within those systems hasn’t kept pace. Governance often breaks down at the point of execution, where individual users, manual processes, and fragmented tools create inconsistency and reduce control. Findings from Exclaimer’s State of Business Email report reinforce how widespread this gap has become, with 83% of UK IT leaders having faced an email-related security incident.
A shift from access risk to communication risk
Exclaimer says this highlights a broader issue in how businesses approach cloud security.
Karl Bagci, Director of IT and Information Security at Exclaimer, comments:
“World Cloud Security Day is a reminder that most organisations have gotten very good at controlling who gets into their systems, but far fewer are controlling what comes out. Email is still one of the most trusted and heavily used business channels, but it remains one of the least consistently governed at scale. What we’re seeing is a shift in risk from infrastructure to behaviour. Specifically, how people communicate, what they send, and whether those communications are controlled.”
When the majority of UK organisations are already experiencing email-related challenges, this shows the issue is no longer awareness, but how consistently organisations can apply control. And control breaks down quickly when critical elements like disclaimers, branding, and compliance messaging are left to individual users to manage and implement. As communication scales, this challenge is only intensifying. IBM’s research shows that one in six data breaches now involve AI-driven attacks, underscoring how quickly the volume and complexity of communication is increasing.
The governance gap in enterprise communication
Findings from Exclaimer’s State of Business Email report reveal a growing gap between how organisations secure access and how they control communication. While investment in platforms like Microsoft 365 and Google Workspace continues to rise, only 38% of UK enterprises have fully integrated email into their broader security and compliance stack.
“This creates a critical blind spot at the point where communication exits the organisation, affecting compliance, brand integrity, and customer trust,” said Bagci. “Without centralised governance, businesses have limited control over how disclaimers are applied, how regulatory requirements are met, or how consistently the organisation is represented across every interaction.”
In regulated industries, this can introduce real exposure, where missing or inconsistent information may fall short of legal or industry-specific requirements. Even outside of compliance risk, inconsistent outbound communication can erode trust, particularly when customers expect accuracy, professionalism, and clarity in every interaction.
Security at scale requires real-time control
As email volumes increase and communication becomes more distributed across users, devices, and AI-assisted tools, ensuring consistency can’t depend on manual action, it requires policy-driven enforcement that operates in real time, across the entire organisation.
“World Cloud Security Day serves as a timely reminder that cloud security is no longer just about protecting systems. It is about managing the flow of information across them. And that includes looking at how you govern your email communications,” said Bagci.
