I should have included the words "end-to-end" here. One of the things we
did at ${MEGABANK} was slowly, over a period of years, enforce mandatory
TLS on all outbound mail (if your recipient couldn't do TLS, your email
bounced back to you with an error message). We had to do it slowly
because you'd be amazed (and horrified) how many institutions couldn't
(or wouldn't) use TLS for email, and how long it took them to fix it. We
had opportunistic TLS incoming as well, and the email system added a
"padlock" icon to the displayed email; closed if it had been sent using
and open otherwise.

It also took a long time because of the user and helpdesk education
required. I spent a lot of time flying round the world presenting about
email security to managers, both IT and business.

We also put in a PGP Universal server, which worked so poorly (for all
kinds of reasons, most of them non-technical) that we took it out again.

I'm still scarred by the whole experience. :o)
See above. TLS solves this. But what it doesn't do is provide end-to-end
encryption, which is required in some regulated industries. Oh and you
also need to provide for legal discovery, even if the people have left and
deleted their keys and key recovery for when your users forget their
passphrases. It's a nightmare.
True. But it still gives me nightmares.

(Not really. I'm retired. I no longer GAS, except as an end user.)

The Michael W Lucas book is invaluable:

https://www.nostarch.com/pgp.htm

If you don't understand it, us mere mortals are fucked.
Or social engineering, or simple mistakes by the users. One of the initial
solutions we tried required users to put the string "[Encrypt]" in the Subject
of their emails. They couldn't even manage that.