Organizations using Microsoft 365 experience more breaches, with more severe impacts

85% of organizations using Microsoft 365 have suffered email data breaches in the last 12 months, an Egress report reveals.

Microsoft 365 breaches

The increased amount of remote work as a result of the pandemic has exacerbated the risk of an email data breach ‑ and the risk is intensified for Microsoft users, with 67% of IT leaders reporting an increase in data breaches due to remote work, versus just 32% of IT leaders whose organizations aren’t using Microsoft 365.

Looking to the future, 76% of IT leaders report that remote and hybrid working will make it harder to prevent email data loss from Microsoft 365, compared to 40% of those not using it.

The study conducted by Arlington Research, interviewed 500 IT leaders and 3,000 remote-working employees in the US and UK across vertical sectors including financial services, healthcare and legal.

Additional insights

  • 93% of organizations who use Microsoft 365 report suffering negative impacts following an email data breach, compared to 84% of organizations who do not use Microsoft 365
  • 15% of organizations using Microsoft 365 have suffered over 500 data breaches in the last year, compared to just 4% of organizations not using it
  • 26% of IT leaders reported experiencing a severe data loss incident that came from an employee sharing data in error via email. The number was lower for organizations without Microsoft 365: 14%
  • Of the IT leaders using static DLP within their Microsoft 365 environment, 100% of respondents were frustrated by its use

Breaches more frequent and impacts more severe for Microsoft 365 users

For organizations using Microsoft 365, data breaches are happening far more frequently, with 15% of organizations using it experiencing over 500 incidents in the last year, compared to just 4% of organizations using other email clients.

Those using Microsoft 365 are also more likely to experience accidental email, with 26% reporting incidents caused by an employee sharing data in error via email, compared to just 14% of organizations without Microsoft 365.

The consequences for Microsoft users also tend to be more severe, with an overwhelming 93% of organizations using Microsoft 365 reporting experiencing negative impacts as a result of a breach, compared to 84% of organizations not using it.

Microsoft 365 breaches

100% of the IT leaders that had deployed static email DLP into their Microsoft 365 environment were frustrated by it. 43% reported these tools required a high level of admin to maintain and 26% said they created friction for their users.

Egress CTO, Darren Cooper, comments: “Microsoft 365 has seen phenomenal adoption during the COVID-19 pandemic and has brought cost and efficiency benefits to many organizations, but its security limitations are clear to see. We can’t ignore the risk of email data loss from Microsoft 365 and the limitations of static DLP solutions to mitigate the outbound email security risks that organizations face today.

“Email data breaches are the top security concern for all businesses, and remote working has only exacerbated the risk. Organizations need to take proactive steps now to secure their data using intelligent solutions that can understand an individual user’s behavior and the context in which they’re sharing data to prevent data loss before it happens.”

Don't miss