Nearly all Microsoft 365 customers have suffered email data breaches

Scammers
(Image credit: Pixabay)

Using Microsoft 365, the software giant’s cloud-based communications and collaboration platform, could be a security liability for many organizations, a new report from Egress seems to suggest.

The data security company’s new Outbound Email: Microsoft 365’s Security Blind Spot paper, based on a poll of 500 IT leaders and 3,000 remote-workers in the UK and US, claims businesses who use Microsoft 365 suffer more email data breaches and have to deal with more difficult consequences in the aftermath.

Were it not for the pandemic, however, things would probably have been different.

More than two-thirds (67%) of IT leaders said the increase in email data breaches happened due to home working, compared to just below a third (32%) among those whose organizations don’t use Microsoft’s cloud-based collaboration and communication platform.

Furthermore, almost all (93%) businesses who use the service reported negative impacts following an email data breach, fewer than those who don’t use it (84%).

More than one in six (15%) of those using Microsoft 365 suffered more than 500 data breaches last year, compared to just 4% among those that don’t.

At the end of the day, the problem doesn’t seem to be in the platform itself, but in the way people use ut. More than a quarter of IT leaders (26%) said a severe data loss incident came from an employee sharing data via email by mistake. Yet again, the figure drops among businesses that don’t use Microsoft 365 - 14%.

The worst part is that IT leaders aren’t overly optimistic about the future, not believing things would change for the better, any time soon. More than three-quarters (76%) believe remote and hybrid working will make it harder to prevent email data loss from Microsoft 365 in the future.

Among those not using the service, just 40% share the same outlook.

“Microsoft 365 has seen phenomenal adoption during the Covid-19 pandemic and has brought cost and efficiency benefits to many organizations, but its security limitations are clear to see,” commented Egress’ Chief Technology Officer Darren Cooper.

“We can’t ignore the risk of email data loss from Microsoft 365 and the shortcomings of static DLP solutions to mitigate the outbound email security risks that organizations face today. Email data breaches are the top security concern for all businesses, and remote working has only exacerbated the risk. Organizations need to take proactive steps now to secure their data using intelligent solutions that can understand an individual user’s behavior and the context in which they’re sharing data to prevent data loss before it happens,” Cooper concluded.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
OneDrive on a Laptop
Microsoft One Drive for Business might not be storing your data as securely as you might hope
Fraude en ligne phishing
Phishing clicks nearly tripled in 2024 as criminals aim for smarter attacks
A padlock resting on a keyboard.
Massive botnet is targeting Microsoft 365 accounts across the world
Data Breach
Thousands of widely-used public workspaces are leaking data
Holographic representation of cloud computing over open businessman's hand
AWS, Azure and Google Cloud credentials from old accounts are putting businesses at risk
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
Third-party data breaches have become a major security concern
Latest in Security
Woman shocked by online scam, holding her credit card outside
Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Woman using iMessage on iPhone
UK government guidelines remove encryption advice following Apple backdoor spat
Cryptocurrencies
Ransomware’s favorite Russian crypto exchange seized by law enforcement
Wordpress brand logo on computer screen. Man typing on the keyboard.
Thousands of WordPress sites targeted with malicious plugin backdoor attacks
HTTPS in a browser address bar
Malicious "polymorphic" Chrome extensions can mimic other tools to trick victims
ransomware avast
Hackers spotted using unsecured webcam to launch cyberattack
Latest in News
Apple iPhone 16 Review
Three iPhone 17 model dummy units appear in a hands-on video leak
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
New Samsung Galaxy S25 Edge may have revealed some key details – including its price
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 9 (game #1140)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 9 (game #371)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 9 (game #637)
WhatsApp
WhatsApp just made its AI impossible to avoid – but at least you can turn it off