Businesses, big and small, may think that they are safe from email breaches if they use Microsoft 365. They are wrong. A report from earlier this month entitled Outbound email: Microsoft 365’s security blind spot reveals that 85% of companies using Microsoft 365 have fallen prey to hacking in the form of email data breaches in the last 12 months. The study interviewed 500 IT leaders and 3,000 remote-working employees in the US and UK across several industry sectors including financial services, healthcare and legal.



The report also claimed that these organizations have experienced more breaches than those not using Microsoft 365. CTOs, CIOs and IT managers are also concerned about how to ensure the security and safety of client data given the current proliferation of remote working.




Since the advent of the coronavirus pandemic, remote working has become the norm. While some say that both employees and employers benefit from working at home, the practice comes with many dangers. Remote working has exacerbated the risk of an email data breach. A phenomenal 67% of IT managers have reported an increase in data breaches as a result of remote working as opposed to 32% of those not using Microsoft 365. Furthermore, 76% of IT leaders predict that remote or hybrid working will make it much more difficult to prevent email data loss using the software.




  • 93% of companies using Microsoft 365 were negatively impacted following a Microsoft 365 email breach.
  • 15% of organizations using Microsoft 365 have had more than 500 breaches in 2020.
  • 26% of businesses reported a severe data loss after an employee erroneously shared data via a Microsoft 365 email.




Microsoft 365 has built-in safeguards to prevent email data loss. Unfortunately, they are based on static Data Loss Prevention (DLP) rules with the exchange server. These rules simply aren’t intelligent enough to dynamically mitigate incidents in the way current email use requires and 100% of respondents in the Microsoft 365’s security blind spot report are dissatisfied with DLP implementation. Moreover, with the prevalence of remote working, traditional DLP solutions are unable to cope with the massive increase in email data loss. Egress’ Chief Technology Officer Darren Cooper had this to say:


“Microsoft 365 has seen phenomenal adoption during the COVID-19 pandemic and has brought cost and efficiency benefits to many organisations, but its security limitations are clear to see. We can’t ignore the risk of email data loss from Microsoft 365 and the shortcomings of static DLP solutions to mitigate the outbound email security risks that organisations face today. Email data breaches are the top security concern for all businesses, and remote working has only exacerbated the risk. Organisations need to take proactive steps now to secure their data using intelligent solutions that can understand an individual user’s behaviour and the context in which they’re sharing data to prevent data loss before it happens.”




There is no question that Microsoft 365 is a fully-functional business productivity tool. But the issue of the security of outbound email needs to be addressed. The only solution to truly prevent human-activated breaches is via technology such as intelligent email security that fully comprehends understands human behaviour.




Intelligent Email Security applies machine learning to combat email data loss. The software adapts to each user’s patterns of working and sharing data to detect issues that rule-based Microsoft 365 DLP rules and packages are unable to foresee. Intelligent Email Security is key to your overall IT strategy and means that your client’s data is secure and your employee are at their most productive.