Companies are wide open to email security breaches, judging by a new study from Hornetsecurity.
Of businesses surveyed, 23% have suffered an email-related security breach. And 36% were caused by phishing attacks targeting the weakest point in the security ecosystem: The end users.
Hornetsecurity focused on firms using the Microsoft 365 platform.
It also found that 62% of all data breaches are caused by compromised passwords and phishing attacks.
User-compromised passwords and phishing attacks were the reason for 62% of all security breaches reported.
In another depressing finding, 54% of all respondents say they have yet to implement Conditional Access rules along with Multi-Factor Authentication, the latter being a practice that prevents users from logging into their accounts from unsecured networks.
Moreover, 33% have yet to implement Multi-Factor Authentication across all users.
In addition, while 68% expect Microsoft 365 to keep them safe from email threats, 50% use third-party solutions. And 82% of those that use third-party tools report no breaches.
Meanwhile, 74% of all security breaches were experienced by companies that have between 201 and 1000 employees. But the incidence falls to 17% among firms larger than that, probably because such companies have invested in more robust security protocols in response to prior concerns.
Hornetsecurity surveyed over 420 businesses.