The Privacy Rights Clearing house currently tallies 542,608,451 records breached in the past 5 years. Unsecure email certainly contributes to the problem. Small business email (or any email) starts off on a secure or unsecure wired or wireless network then travels over numerous networks through secure or unsecure email servers often vulnerable to people who are in control of those servers.
