What Microsoft's New Email Security Data Reveals About Today's Biggest Threats

What Microsoft’s New Email Security Data Reveals About Today’s Biggest Threats

Email remains one of the most exploited entry points for cyberattacks. Phishing alone accounted for more than 90% of data breaches last year, according to multiple industry reports. Microsoft recently published the results of a year-long benchmark on email security effectiveness—drawn from real-world telemetry across its Defender for Office 365 customer base. The findings offer a clear picture of current threats and, more importantly, which defences actually stop them.

What the Year-Long Benchmark Shows

Microsoft analyzed billions of emails processed between mid‑2025 and mid‑2026. The data covers threat volumes, common attack methods, and how often security controls failed. Key takeaways include:

• High volume of malicious email: On average, more than 300 million phishing messages were blocked every month. Business email compromise (BEC) attempts continued to rise, often bypassing basic filters.
• Spoofing and impersonation are the top tactics: Attackers increasingly spoof trusted domains or impersonate executives. These attacks succeeded at a higher rate than traditional malware‑laden emails.
• Bypass rates are not zero: Even with advanced protection, roughly 0.5% to 1% of malicious messages reached inboxes. That small fraction can still cause significant damage, especially in smaller organisations with fewer resources.

The benchmark also highlighted which security controls had the highest impact.

Why This Matters for Everyday Users and Businesses

The data confirms that no single layer of protection is sufficient. Many organisations rely solely on Microsoft’s built‑in anti‑spam and anti‑phishing filters, but those alone won’t stop targeted impersonation or zero‑day attacks. The benchmark found that environments using multi‑factor authentication (MFA) experienced 99.9% fewer account compromises. Yet many small businesses still haven’t enabled MFA for email accounts.

Similarly, email authentication protocols like DMARC, SPF, and DKIM significantly reduced domain spoofing—but adoption remains patchy. Microsoft’s own research shows that only about 40% of business domains have a valid DMARC policy configured. The rest are left vulnerable to spoofing attacks that can trick employees and customers alike.

Practical Steps to Improve Your Email Security

Based on the benchmark data and supporting research (including a Forrester study showing 124% ROI for unified Microsoft security), here are concrete actions you can take:

1. Enable multi‑factor authentication everywhere – Start with email accounts. Use an authenticator app or hardware key rather than SMS. This alone blocks the vast majority of credential‑theft attacks.
2. Configure DMARC, SPF, and DKIM – These protocols help prevent attackers from forging your domain. Even a “p=none” DMARC policy gives you visibility into unauthorised use. Move to “p=quarantine” or “p=reject” once you’ve verified your sending sources.
3. Turn on advanced anti‑phishing policies – In Microsoft Defender for Office 365, enable impersonation protection for executives and sensitive domains. Also enable mailbox intelligence to detect anomalous forwarding rules.
4. Train users to spot red flags – No filter catches everything. Regular, short training sessions on common phishing cues (urgent language, mismatched URLs, unexpected attachments) reduce the chance that a user will click a malicious link.
5. Review and reduce email forwarding rules – Attackers often create automatic forwarding rules to exfiltrate data. Regularly audit your users’ inbox rules for unusual external forwarding.
6. Consider a unified security platform – The Forrester study found that organisations integrating Microsoft Security products (Defender, Sentinel, Entra ID) saw faster detection and lower total cost. If you’re already in the Microsoft ecosystem, consolidating can simplify management and improve threat correlation.

The Bottom Line

Email threats are not going away—they’re becoming more targeted and harder to detect. The Microsoft benchmark gives us a data‑driven look at where defences hold up and where they fall short. The good news is that the most effective controls (MFA, DMARC, user training) are well understood and affordable. The challenge is implementation. For most businesses, the biggest risk isn’t the sophistication of the attack, but the absence of basic protections.

Start with the checklist above. Even a few steps can dramatically reduce your exposure.

Sources

• Microsoft Blog, “Microsoft Defender email security benchmarking: Key insights from one year of data,” June 15, 2026.
• Microsoft Blog, “New Forrester study shows customers who unified with Microsoft Security benefited from 124% ROI,” June 18, 2026.
• Microsoft Blog, “Microsoft named a leader in the 2025 Gartner® Magic Quadrant™ for Email Security,” December 5, 2025.