Office 365 Security Budgets Increase to Stop Phishing

With 78 percent of businesses that utilize Office 365 reporting one or more successful cyberattacks this year, it’s not surprising that IT managers at over half of Office 365-enabled organizations also say they’ve increased their security spending by a robust average 18 percent compared to 2017.

In a survey by Osterman Research in September that was commissioned by Cyren, IT managers and security personnel at companies with 100 to 5000 employees said that phishing was the top source of breaches and that the volume of phishing emails evading existing security and reaching their users is up significantly this year. (Get a free copy of the survey.)No organization reported a decrease in security spending. 

Current security concerns

A Search for Better Phishing Solutions

Around half also gave their current phishing security defenses a “poor” or “mediocre” rating. Coupling this with the increased targeting of Office 365 business accounts by phishers, it was still notable that roughly two-thirds of respondents indicated they would be highly or extremely likely to deploy specialized new services capable of offering a significant improvement in phishing protection (66 percent). The group as a whole also expressed overwhelming interest in an additional layer of protection to help block ransomware (68 percent), as well as a service that might provide improved sandboxing protection to stop increasingly evasive malware (64 percent).

Consistent with this interest in deploying additional layers of phishing and other solutions, the managers said overwhelmingly that, in evaluating new email (or web) security solutions, the most critical criterion is purely and simply security efficacy, with 80 percent rating it important or of the highest importance, well ahead of specific features or factors like advanced security capabilities, the cost of acquisition or ease of maintenance.

Vast Majority Add Security Layer to Office 365

Seventy-eight percent (coincidentally) of respondents reported that they subscribe to a layer of advanced SaaS email security on top of Office 365’s included protections, either from a third-party secure email gateway provider (42 percent) or Office 365’s own advanced security module (36 percent).

This 78 percent figure also underscores that the vast majority of Office 365 customers have moved their email security to the cloud, following their decision to use a cloud-based hosted email platform. This compares to 42 percent reporting they have also deployed cloud-based SaaS web security.

When asked how they might approach evaluating new security solutions, 48 percent reported a preference for cloud-based security services, while 21 percent reported a preference for deploying security on-premises for Office 365. The remaining organizations, 31 percent, have no strong preference either way.

Webinar to discuss improving Office 365 protection

An upcoming webinar on approaches to improve Office 365 phishing protection will feature Osterman Research’s principal analystMichael Osterman and Cyren’s global director of solution engineering, who will point to practical opportunities to enhance defenses.

The survey report is available for free download.