IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
1 in every 4 companies using Microsoft 365 suffered security breach
Wed, 11th Aug 2021
FYI, this story is more than a year old

One in every four companies suffered at least one email security breach, a new survey from Hornetsecurity has found.

The study examined email security levels and concerns among businesses using Microsoft 365. The survey questioned businesses that use the Microsoft 365 platform looking to understand how they handle email security in an increasingly decentralised working environment.

According to Hornetsecurity, email security is one of the main topics of concern for any IT department, and for good reason.

Security breaches often lead to loss of sensitive data, operation downtime, and lost revenue. The survey of 420+ businesses found that 23% of them, or 1 in 4, reported an email-related security breach. Of these security breaches, 36% were caused by phishing attacks targeting arguably the weakest point of any security system, end-users.

62% of all breaches caused by compromised passwords - phishing attacks

User-compromised passwords and phishing attacks were the reason for 62% of all security breaches reported. 54% of all respondents said they have yet to implement Conditional Access rules, along with Multi-Factor Authentication, which prevents users from logging into their accounts from unsecured networks. A third (33%) of respondents are also yet to implement Multi-Factor Authentication across all users.

68% of companies expect Microsoft 365 to keep them safe from email threats, yet 50% use third-party solutions

There seems to be a disconnect between the expectations that businesses have of Microsoft 365s email security, and the reality: While 2 out of every 3 expect Microsoft to keep them safe from email threats, half of all respondents resort to third-party solutions to supplement email security.

Third-Party Solutions the most effective, with 82% reporting no breaches

Those organisations that use third-party solutions reported the lowest rate of email security breaches in comparison to organisations only using security packages offered by Microsoft 365. 82% of all respondents who use third-party email security solutions reported no breaches.

Additionally, of those who reported paying extra for Microsofts Enterprise Mobility - Security E3 or E5, 48% still make use of third-party solutions. So, while expectations of Microsoft 365s email security are high, the reality is that most companies believe its not enough; and the numbers back up that claim.

Companies with between 201-1,000+ employees are the most vulnerable to email security breaches

74% of all security breaches reported in this survey were experienced by companies that fell within the 201-1000+ employee bracket. This is likely due to factors such as budget and recruitment priorities that do not recognise digital security as a major concern. Once the employee count exceeds 1,000, the incidence of an email breach decreases to 17% - probably due to reactions to previous security concerns and the ability to invest in more robust security protocols.