Email Security Risk Report 2023

Email security risks in Microsoft 365

Organizations remain vulnerable to advanced phishing attacks, human error, and data exfiltration. 93% of the cybersecurity leaders who were surveyed for this report stated their organization had suffered an email security incident in the last 12 months. 99% of Cybersecurity leaders, meanwhile, admitted to being stressed about email security.

This report sheds light on how these incidents happened and the impact they had on the individuals and organizations involved, while also looking at real-world phishing and data loss trends, highlighting the threats of the future, and analyzing the effectiveness of the security measures in place at the surveyed organizations.

While this report examines inbound phishing attacks and outbound data loss and data exfiltration in distinct two sections, it’s worth noting that 71% of surveyed Cybersecurity leaders consider inbound and outbound email security as part of a single problem to solve. As a result, the technical controls and security awareness and training (SA&T) programs in place to reduce email security risks are examined together.

The survey data used in this report comes from 500 Cybersecurity leaders, all of whom have deployed Microsoft 365 in their organizations. We’ve also combined this with anonymized Egress customer data that measures how the reality of inbound and outbound threats to email security matches with what the surveyed Cybersecurity leaders reported.