A report released this month confirms that 85% of Microsoft 365 business users have suffered email data breaches. Are you one of them? The Outbound Email: Microsoft 365’s Security Blind Spot paper, based on research from 500 IT leaders and 3,000 remote workers in the UK and the United States, claims that organizations that use 365 have many more email breaches than those that don’t. Unsurprisingly, the now-norm practice of remote-working resulting from the coronavirus pandemic is believed to be largely responsible for this vulnerability.


Here are some hard and eye-opening statistics that will make you think about the security offered by Microsoft 365:

  • 67% of IT professionals stated that the increase in email data breaches was a consequence of remote working
  • 93% of companies using the cloud-based communications and collaboration platform reported a negative impact following a breach
  • 15% of Microsoft 365 users had more than 500 email data breaches in 2020


Microsoft 365 has built-in safeguards to prevent email data loss. Unfortunately, they are based on static Data Loss Prevention (DLP) rules with the exchange server. These rules simply aren’t intelligent enough to dynamically mitigate incidents in the way current email use requires and 100% of respondents in the Microsoft 365’s security blind spot report are dissatisfied with DLP implementation. Moreover, with the prevalence of remote working, traditional DLP solutions are unable to cope with the massive increase in email data loss. Egress’ Chief Technology Officer Darren Cooper had this to say:

“Microsoft 365 has seen phenomenal adoption during the COVID-19 pandemic and has brought cost and efficiency benefits to many organisations, but its security limitations are clear to see. We can’t ignore the risk of email data loss from Microsoft 365 and the shortcomings of static DLP solutions to mitigate the outbound email security risks that organisations face today.”


While the Microsoft 365 software and DLP protocols may be to blame in part for these breaches, the weakest link is us humans. 26% of respondents to the report stated that a severe data loss was because an employee shared data via email by mistake. Human error is a characteristic phenomenon in IT, particularly when it comes to email, data security, data backup, and network management. The strange thing is that only 14% of those not using Microsoft 365 lost data due to inappropriate email sharing.


To answer the question, probably not. Not in the foreseeable future, anyway. 76% of IT experts predict that remote and hybrid working will make it much more difficult to prevent email data loss from Microsoft 365. Cooper says:

“Email data breaches are the top security concern for all businesses, and remote working has only exacerbated the risk. Organisations need to take proactive steps now to secure their data using intelligent solutions that can understand an individual user’s behaviour and the context in which they’re sharing data to prevent data loss before it happens.”


Are you worried about the safety and security of your client’s precious data? Do you have concerns over the integrity of the Microsoft 365 productivity suite? Is your business at risk due to employee error and lack of IT training? I can help. With more than 20 years of experience in professional business IT focusing on risk migration and cybersecurity, I will counsel and guide you on the best strategies for your IT. Contact me now and let’s make a plan.

Leave a comment