• by Ray Schultz , May 11, 2021

A staggering 85% of organizations using Microsoft 365 have suffered an email data breach compared to 74% of firms overall, according to Microsoft 365’s Security Blindspot, a study released Tuesday by Egress. 

In addition, 67% of those Microsoft users saw an increase in data leaks over the last 12 months, versus 32% of non-Microsoft users. 

The reason for these disparities is that Microsoft 365’s safeguards are not sufficient to dynamically mitigate incidents, the study alleges. 

Nor are some other DLP products. 

Among the errors that can through Microsoft 365’s DLP rules: 

• Adding the wrong recipient
• Attaching the wrong file or not removing data
• Replying to spear phishing attacks
• Misuse of Bcc

It's worth considering that Egress itself offers a DLP product in competition with Microsoft: In that light, some readers might wonder whether these numbers are statistics or allegations. 

That said, independent research company Arlington Research surveyed 500 IT leaders and 3000 remote-working employees in the financial services, legal and healthcare sectors within the UK and the US.

The study reports that 93% of Microsoft 365 have endured negative impacts following an email data breach, compared with 84% of non-users. 

Moreover, 15% of firms using Microsoft 365 have been hit with over 500 data breaches in the last year, versus 4% of the non-users, it says. And 26% of IT leaders in Microsoft 365 user companies say a severe data loss incident resulted from an employee sharing data in error via email, in contrast to 14% in non- user firms. 

Finally, 100% of IT leaders using static DLP within Microsoft 365 said they were frustrated with it. 

 “Microsoft 365 has seen phenomenal adoption during the COVID-19 pandemic and has brought cost and efficiency benefits to many organizations, but its security limitations are clear to see,” states Darren Cooper, Egress chief technology officer.