[ConservativeMind]

You are fooling yourself if you believe the administrators of your key management, of your network, and of your computer, cannot reset or utilize your existing information. Additionally, your email is not guaranteed to be encrypted and inaccessible within your computer or network.

[palmer]

I default to end-to-end encryption. It is only plaintext if I override the default (which I have to do if any recipients don't have certs or have invalid or expired certs). Additionally all my sent mail is encrypted with my public key before it is stored on the company email server.

You should really learn about end-to-end encryption. There is no private key (or symmetric key) "management". That is an 90's concept that was pushed by the statist government and corporations, but it failed miserably when PGP and similar tools came out. Private keys are stored encrypted on people's computers only.

The only possible way you can be correct is if administrators get a network backup and then crack a user's master key that is used to encrypt the private keys. You mentioned it and I considered it, but dismissed it, mainly because I decline to use the company backup (encouraged, but not required at my company). Now that you have dropped that idea and gone back to "key management" which you clearly don't understand, I know my private key is safe from your FUD. My email cannot be decrypted by anyone other than my recipients and myself.

It's been around for decades: https://en.wikipedia.org/wiki/S/MIME and I have not only used it for two decades, but I have worked on related software. It encrypts end-to-end, can only be decrypted with private keys of the recipients or sender. My email cannot be read by anyone else in the middle or in storage on the company server.