In 2005 I founded a finance company that went on to become a successful multi-million dollar business. I left that company completely in 2015 and relinquished any and all control over all operations. Sadly, that meant that - compliant with normal business practice - my company emails ceased to function. Despite being the founder of the business, I was unable to retain an email redirection - causing all sorts of communication problems.
The domain we used for email generally wasn't the same as that of the company website. However, when I left that changed and and a generic exchange server was set up with an Aussie ISP using the primary domain name. Last week I did a WHOIS search out of curiosity and noticed that the former domain hadn't only expired... but it had been expired for nearly 4 months. I quickly snapped up the name and reactivated my old email with a catch-all set up for the other addresses I may have created over the period. Within a few hours, hundreds of emails that had been bouncing around the web started piling into my Inbox - many of them extremely sensitive (containing financial records and other personal data).
The message is clear, and it goes beyond just "protecting your brand": don't let your domain names expire.