TL;DR: Email remains an identity-adjacent control surface where governance, detection, and user trust still intersect. According to Abnormal AI, the on-demand Innovate 2025 event packages conference sessions on email security, enterprise threat trends, and customer-focused product usage, along with ISC2 CPE eligibility and practitioner discussion from CISOs and cybersecurity executives.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams reduce identity risk in email-driven workflows?
A: Security teams should remove email as the trusted authority for sensitive identity actions wherever possible.
Q: Why do email security incidents matter to IAM programmes?
A: Email security incidents matter to IAM because inboxes often carry identity decisions, not just messages.
Practitioner guidance
- Map email-dependent identity workflows: Identify where password resets, approvals, onboarding, exception handling, and executive communications still rely on inbox trust.
- Separate awareness from control change: Use event takeaways to build a control backlog with owners, due dates, and measurable outcomes.
- Review email-linked recovery paths: Check whether email remains the fallback for account recovery, invitation acceptance, or step-up confirmation.
What to expect at the briefing
Abnormal AI's full event coverage includes the practitioner detail this post intentionally leaves at the strategic level:
- Speaker perspectives from Fortune 500 CISOs and cybersecurity executives on how they are operating email security at scale
- Customer-focused track details that show how attendees are using the platform in practice
- ISC2 CPE eligibility and event portal participation details for those attending on demand
- Session-level event content that goes beyond this post's governance analysis
Email security event insights: what IAM teams should notice?
Explore further
Email security is still an identity governance problem, not just a detection problem. Email remains a control surface for human identity abuse because it touches password resets, approvals, and trust decisions. That makes practitioner discussion around email security relevant to IAM leads, not just SOC teams. The implication is that organisations should treat inbox-based trust as a governance risk, not merely a spam or phishing issue.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, followed by inadequate monitoring and logging at 37% and over-privileged accounts at 37%.
A question worth separating out:
Q: What should teams do with lessons from a security conference like this?
A: Teams should convert the lessons into specific control changes, ownership, and reporting. Useful conference insights lead to policy updates, better escalation paths, and clearer accountability for identity-related workflows. If the learning does not change a control or metric, it remains awareness rather than programme improvement.