An alarming 85% of organizations using Microsoft 365 have suffered email data breaches, research by Egress reveals

Research reveals organizations using Microsoft 365 experience more breaches, with more severe impacts

Thought leadership

LONDON, UK – 11th May 2021– Egress’ Outbound Email: Microsoft 365’s Security Blind Spot report has revealed that 85% of organizations using Microsoft 365 have suffered email data breaches in the last 12 months.

Remote working has exacerbated the risk of an email data breach – and the risk is intensified for Microsoft users, with 67% of IT leaders reporting an increase in data breaches due to remote work, versus just 32% of IT leaders whose organizations aren’t using Microsoft 365. Looking to the future, 76% of IT leaders report that remote and hybrid working will make it harder to prevent email data loss from Microsoft 365, compared to 40% of those not using it.

The study, independently conducted by Arlington Research on behalf of Egress, interviewed 500 IT leaders and 3,000 remote-working employees in the US and UK across vertical sectors including financial services, healthcare and legal.


Additional insights include:

  • 93% of organizations who use Microsoft 365 report suffering negative impacts following an email data breach, compared to 84% of organizations who do not use Microsoft 365
  • 15% of organizations using Microsoft 365 have suffered over 500 data breaches in the last year, compared to just 4% of organizations not using it
  • 26% of IT leaders reported experiencing a severe data loss incident that came from an employee sharing data in error via email. The number was lower for organizations without Microsoft 365: 14%
  • Of the IT leaders using static DLP within their Microsoft 365 environment, 100% of respondents were frustrated by its use

Data breaches are more frequent – and the impacts are more severe – for Microsoft 365 users

For organizations using Microsoft 365, data breaches are happening far more frequently, with 15% of organizations using it experiencing over 500 incidents in the last year, compared to just 4% of organizations using other email clients. Those using Microsoft 365 are also more likely to experience accidental email, with over one-quarter (26%) reporting incidents caused by an employee sharing data in error via email, compared to just 14% of organizations without Microsoft 365.

The consequences for Microsoft users also tend to be more severe, with an overwhelming 93% of organizations using Microsoft 365 reporting experiencing negative impacts as a result of a breach, compared to 84% of organizations not using it.

100% of the IT leaders that had deployed static email DLP into their Microsoft 365 environment were frustrated by it. 43% reported these tools required a high level of admin to maintain and 26% said they created friction for their users.

Egress Chief Technology Officer, Darren Cooper, comments: “Microsoft 365 has seen phenomenal adoption during the COVID-19 pandemic and has brought cost and efficiency benefits to many organizations, but its security limitations are clear to see. We can’t ignore the risk of email data loss from Microsoft 365 and the limitations of static DLP solutions to mitigate the outbound email security risks that organizations face today. Email data breaches are the top security concern for all businesses, and remote working has only exacerbated the risk. Organizations need to take proactive steps now to secure their data using intelligent solutions that can understand an individual user’s behavior and the context in which they’re sharing data to prevent data loss before it happens.”


This research was conducted by independent organization Arlington Research among 500 IT leaders and 3000 remote-working employees in the financial services, legal and healthcare sectors within the UK and the US.

Contact our PR team

Jordan 230X230

Jordan Brackenbury

Public Relations Manager

Email Jordan


Rebecca Bailey

Senior Corporate Marketing Manager

Email Rebecca

About Egress

Our mission is to eliminate the most complex cybersecurity challenge every organization faces: insider risk. We understand that people get hacked, make mistakes, and break the rules. To prevent these human-activated breaches, we have built the only Human Layer Security platform that defends against inbound and outbound threats. Using patented contextual machine learning we detect and prevent abnormal human behavior such as misdirected emails, data exfiltration, and targeted spear-phishing attacks.

Used by the world’s biggest brands, Egress is private equity backed and has offices in London, New York, and Boston.

You might also be interested in ...