Email security is one of the main topics of concern for any IT department, and for good reason. Security breaches often lead to loss of sensitive data, operation downtime, and lost revenue. A recent survey of 420-plus businesses found that 23 per cent of them, or 1 in 4, reported an email-related security breach. Of these security breaches, 36 per cent were caused by phishing attacks targeting arguably the weakest point of any security system, end-users.
The survey was conducted by the Hornetsecurity Group, a leading email security solutions provider. The company questioned businesses that use the Microsoft 365 platform looking to understand how they handle email security in an increasingly decentralised working environment.
62 per cent of all breaches caused by compromised passwords and phishing attacks
User-compromised passwords and phishing attacks were the reason for 62 per cent of all security breaches reported. 54 per cent of all respondents said they have yet to implement Conditional Access rules, along with Multi-Factor Authentication, which prevents users from logging into their accounts from unsecured networks. A third (33 per cent) of respondents are also yet to implement Multi-Factor Authentication across all users.
68 per cent of companies expect Microsoft 365 to keep them safe from email threats, yet 50 per cent use third-party solutions
There seems to be a disconnect between the expectations that businesses have of Microsoft 365’s email security, and the reality: While 2 out of every 3 expect Microsoft to keep them safe from email threats, half of all respondents resort to third-party solutions to supplement email security.
Third-Party Solutions the most effective, with 82 per cent reporting no breaches
Those organisations that use third-party solutions reported the lowest rate of email security breaches in comparison to organisations only using security packages offered by Microsoft 365. 82 per cent of all respondents who use third-party email security solutions reported no breaches.
Additionally, of those who reported paying extra for Microsoft’s Enterprise Mobility and Security E3 or E5, 48 per cent still make use of third-party solutions. So, while expectations of Microsoft 365’s email security are high, the reality is that most companies believe it’s not enough; and the numbers back up that claim.
Companies with between 201-1,000-plus employees are the most vulnerable to email security breaches
74 per cent of all security breaches reported in this survey were experienced by companies that fell within the 201-1000-plus employee bracket. This is likely due to factors such as budget and recruitment priorities that do not recognise digital security as a major concern. Once the employee count exceeds 1,000, the incidence of an email breach decreases to 17 per cent — probably due to reactions to previous security concerns and the ability to invest in more robust security protocols.