An alarming 85% of organisations using Microsoft 365 have suffered email data breaches, research by Egress reveals

Research reveals organisations using Microsoft 365 experience more breaches, with more severe impacts

Thought leadership

LONDON, UK – 11th May 2021– Egress’ Outbound Email: Microsoft 365’s Security Blind Spot report has revealed that 85% of organisations using Microsoft 365 have suffered email data breaches in the last 12 months.

Remote working has exacerbated the risk of an email data breach even more for Microsoft users, with 67% of IT leaders reporting an increase in data breaches due to working from home, versus just 32% of IT leaders whose organisations aren’t using Microsoft 365. Looking to the future, 76% of IT leaders report that remote and hybrid working will make it harder to prevent email data loss from Microsoft 365, compared to 40% of those not using it.

The study, independently conducted by Arlington Research on behalf of Egress, interviewed 500 IT leaders and 3,000 remote-working employees in the US and UK across vertical sectors including financial services, healthcare and legal.

 

Additional insights include:

  • 93% of organisations who use Microsoft 365 report suffering negative impacts following an email data breach, compared to 84% of organisations who do not use Microsoft 365
  • 15% of organisations using Microsoft 365 have suffered over 500 data breaches in the last year, compared to just 4% of organisations not using it
  • 26% of IT leaders reported experiencing a severe data loss incident that came from an employee sharing data in error via email. The number was lower for organizations without Microsoft 365: 14%
  • Of the IT leaders using static DLP within their Microsoft 365 environment, 100% of respondents were frustrated by its use

Data breaches are more frequent – and the impacts are more severe – for Microsoft 365 users

For organisations using Microsoft 365, data breaches are happening far more frequently, with 15% of organisations using it experiencing over 500 incidents in the last year, compared to just 4% of organisations using other email clients. Those using Microsoft 365 are also more likely to experience misdirected email, with over one-quarter (26%) reporting severe incidents caused by an employee sharing data in error via email, compared to just 14% of organisations without Microsoft 365.

The consequences for Microsoft users also tend to be more severe, with an overwhelming 93% of organisations using Microsoft 365 reporting experiencing negative impacts as a result of a breach, compared to 84% of organisations not using it.

100% of the IT leaders that had deployed static email DLP into their Microsoft 365 environment were frustrated by it. 43% reported these tools required a high level of admin to maintain and 26% said they created friction for their users.

Egress’ Chief Technology Officer Darren Cooper comments: “Microsoft 365 has seen phenomenal adoption during the COVID-19 pandemic and has brought cost and efficiency benefits to many organisations, but its security limitations are clear to see. We can’t ignore the risk of email data loss from Microsoft 365 and the shortcomings of static DLP solutions to mitigate the outbound email security risks that organisations face today. Email data breaches are the top security concern for all businesses, and remote working has only exacerbated the risk. Organisations need to take proactive steps now to secure their data using intelligent solutions that can understand an individual user’s behaviour and the context in which they’re sharing data to prevent data loss before it happens.”

Methodology

This research was conducted by independent organisation Arlington Research among 500 IT leaders and 3000 remote-working employees in the financial services, legal and healthcare sectors within the UK and the US.

About Egress

Our mission is to eliminate the most complex cybersecurity challenge every organisation faces: insider risk. We understand that people get hacked, make mistakes, and break the rules. To prevent these human-activated breaches, we have built the only Human Layer Security platform that defends against inbound and outbound threats. Using patented contextual machine learning we detect and prevent abnormal human behaviour such as misdirected emails, data exfiltration, and targeted spear-phishing attacks.

Used by the world’s biggest brands, Egress is private equity backed and has offices in London, New York, and Boston.

You might also be interested in ...