85% of organizations using Microsoft 365 suffered email data breaches over the past 12 months: Study

85% of organizations using Microsoft 365 have suffered email data breaches in the last 12 months, according to Egress’ Outbound Email: Microsoft 365’s Security Blind Spot report.

Remote working has exacerbated the risk of an email data breach – and the risk is intensified for Microsoft users, with 67% of IT leaders reporting an increase in data breaches due to remote work, versus just 32% of IT leaders whose organizations aren’t using Microsoft 365. Looking to the future, 76% of IT leaders report that remote and hybrid working will make it harder to prevent email data loss from Microsoft 365, compared to 40% of those not using it.

The study, independently conducted by Arlington Research on behalf of Egress, interviewed 500 IT leaders and 3,000 remote-working employees in the US and UK across vertical sectors including financial services, healthcare and legal.

Additional insights include:

• 93% of organizations who use Microsoft 365 report suffering negative impacts following an email data breach, compared to 84% of organizations who do not use Microsoft 365
• 15% of organizations using Microsoft 365 have suffered over 500 data breaches in the last year, compared to just 4% of organizations not using it
• 26% of IT leaders reported experiencing a severe data loss incident that came from an employee sharing data in error via email. The number was lower for organizations without Microsoft 365: 14%
• Of the IT leaders using static DLP within their Microsoft 365 environment, 100% of respondents were frustrated by its use

Data breaches are more frequent – and the impacts are more severe – for Microsoft 365 users

For organizations using Microsoft 365, data breaches are happening far more frequently, with 15% of organizations using it experiencing over 500 incidents in the last year, compared to just 4% of organizations using other email clients. Those using Microsoft 365 are also more likely to experience accidental email, with over one-quarter (26%) reporting incidents caused by an employee sharing data in error via email, compared to just 14% of organizations without Microsoft 365.

The consequences for Microsoft users also tend to be more severe, with an overwhelming 93% of organizations using Microsoft 365 reporting experiencing negative impacts as a result of a breach, compared to 84% of organizations not using it.

100% of the IT leaders that had deployed static email DLP into their Microsoft 365 environment were frustrated by it. 43% reported these tools required a high level of admin to maintain and 26% said they created friction for their users.

Egress Chief Technology Officer, Darren Cooper, comments: “Microsoft 365 has seen phenomenal adoption during the COVID-19 pandemic and has brought cost and efficiency benefits to many organizations, but its security limitations are clear to see. We can’t ignore the risk of email data loss from Microsoft 365 and the limitations of static DLP solutions to mitigate the outbound email security risks that organizations face today. Email data breaches are the top security concern for all businesses, and remote working has only exacerbated the risk. Organizations need to take proactive steps now to secure their data using intelligent solutions that can understand an individual user’s behavior and the context in which they’re sharing data to prevent data loss before it happens.”