A study from HornetSecurityGroup examines email security levels and concerns among businesses using Microsoft 365

Email security is one of the main topics of concern for any IT department, and for good reason. Security breaches often lead to loss of sensitive data, operation downtime, and lost revenue. A recent survey of 420+ businesses found that 23% of them, or 1 in 4, reported an email-related security breach. Of these security breaches, 36% were caused by phishing attacks targeting arguably the weakest point of any security system, end-users.

Hornetsecurity Group questioned businesses that use the Microsoft 365 platform looking to understand how they handle email security in an increasingly decentralized working environment.

62% of all breaches caused by compromised passwords & phishing attacks

User-compromised passwords and phishing attacks were the reason for 62% of all security breaches reported. 54% of all respondents said they have yet to implement Conditional Access rules, along with Multi-Factor Authentication, which prevents users from logging into their accounts from unsecured networks. A third (33%) of respondents are also yet to implement Multi-Factor Authentication across all users.

68% of companies expect Microsoft 365 to keep them safe from email threats, yet 50% use third-party solutions

There seems to be a disconnect between the expectations that businesses have of Microsoft 365’s email security, and the reality: While 2 out of every 3 expect Microsoft to keep them safe from email threats, half of all respondents resort to third-party solutions to supplement email security.

Third-Party Solutions the most effective, with 82% reporting no breaches

Those organizations that use third-party solutions reported the lowest rate of email security breaches in comparison to organizations only using security packages offered by Microsoft 365. 82% of all respondents who use third-party email security solutions reported no breaches.

Additionally, of those who reported paying extra for Microsoft’s Enterprise Mobility & Security E3 or E5, 48% still make use of third-party solutions. So, while expectations of Microsoft 365’s email security are high, the reality is that most companies believe it’s not enough; and the numbers back up that claim.

Companies with between 201-1,000+ employees are the most vulnerable to email security breaches

74% of all security breaches reported in this survey were experienced by companies that fell within the 201-1000+ employee bracket. This is likely due to factors such as budget and recruitment priorities that do not recognize digital security as a major concern. Once the employee count exceeds 1,000, the incidence of an email breach decreases to 17% – probably due to reactions to previous security concerns and the ability to invest in more robust security protocols.

Source HornetSecurityGroup