Study examines email security levels and concerns among businesses using Microsoft 365
Email security is one of the main topics of concern for any IT department, and for good reason. Security breaches often lead to loss of sensitive data, operation downtime, and lost revenue. A recent survey of 420+ businesses found that 23% of them, or 1 in 4, reported an email-related security breach. Of these security breaches, 36% were caused by phishing attacks targeting arguably the weakest point of any security system, end users.
The survey was conducted by the Hornetsecurity Group, a powerful email security solutions provider. The company questioned businesses that use the Microsoft 365 platform with the aim of understanding how they are handle email security in an increasingly decentralized working environment.
User-compromised passwords and phishing attacks were the reason for 62% of all security breaches reported. 54% of all respondents said they have yet to implement Conditional Access rules, along with Multi Factor Authentication, which prevents users from logging into their account from unsecured networks. A third (33%) of respondents are also yet to implement Multi-Factor Authentication across all users.
There seems to be a disconnect between the expectations that businesses have of Microsoft 365’s email security, and the reality: While 2 out of every 3 expect Microsoft to keep them safe from email threats, half of all respondents resort to third-party solutions to supplement email security.
Those organizations that use third-party solutions reported the lowest rate of email security breaches in comparison to organizations only using security packages offered by Microsoft 365. 82% of all respondents who use third-party email security solutions reported no breaches.
Additionally, of those who reported paying extra for Microsoft’s Enterprise Mobility & Security E3 or E5, 48% still make use of third-party solutions. So, while expectations of Microsoft 365’s email security are high, the reality is that most companies believe it’s not enough; and the numbers back up that claim.
74% of all security breaches reported in this survey were experienced by companies that fell within the 201-1000+ employee bracket. This is likely due to factors such as budget and recruitment priorities that do not recognize digital security as a major concern. Once the employee count exceeds 1,000, the incidence of an email breach decreases to 17% – probably due to reactions to previous security concerns and the ability to invest in more robust security protocols.