INFORMATION RISK & EXPOSURE REPORT
An executive summary on Microsoft 365 data security — uncovering hidden exposures, tracking sensitive data movement, and highlighting prioritized actions to protect your business.
📅 Reporting period — June 2026 🏢 Customer — ACME LTDSECTION 01 — KEY FINDINGS
Cognni's automated monitoring continuously analyzes activities across ACME LTD's Microsoft 365 environment. Cognni has isolated three critical patterns that require immediate visibility.
High-severity incidents are deeply tied to Financial and HR records, indicating a potential vulnerability in core business operations. Meanwhile, mass-download anomalies are heavily concentrated in Business and HR, signaling a need for stricter access controls.
KEY FINDING 01 — DETAIL
A breakdown of the 3.9K most critical security events, revealing which data categories are most exposed to high-risk activities.
Financial data presents the most acute risk profile for ACME LTD: over half (50.4%) of all flagged financial events are high-severity. By contrast, Legal data shows high volume but significantly lower severity (4.5%), indicating that security controls should immediately prioritize financial workflows.
KEY FINDING 03 — DETAIL
Anomalous burst downloads executed by a single user within a single category during the reporting timeframe.
Business and HR records account for 72% of all mass-download events. This concentrated activity highlights a specific exfiltration risk to organizational and employee data, strongly suggesting a need to evaluate download thresholds in these departments.
SECTION 02 — WHAT IS YOUR INFORMATION
A comprehensive mapping of all 324.7K sensitive and regulated records actively managed across your Microsoft 365 ecosystem.
Personal Identifiable Information (PII) dominates the landscape, comprising 49% of all mapped records. Protecting this immense volume of personal data is critical for compliance and maintaining the trust of ACME LTD's stakeholders.
SECTION 02 — DETAIL
A granular view of the specific document types and records driving data volume, enabling targeted data governance.
SECTION 02 — PERSONAL INFORMATION
Visibility into highly regulated personal identifiers and their severity levels, revealing where compliance risks are most concentrated.
When Personal Information intersects with Financial records, the risk skyrockets: 91% (200 out of 220) of these overlapping events are classified as high-severity. This represents a critical compliance flashpoint for ACME LTD.
SECTION 03 — WHERE INFORMATION LIVES
Pinpointing exactly where ACME LTD's sensitive information is stored to guide effective access management and policy enforcement.
With 70% of sensitive data residing in OneDrive and SharePoint, traditional email-focused security is insufficient. Securing personal drives and collaborative document libraries must be the primary focus for reducing exposure.
SECTION 04 — INFORMATION IN MOTION
Mapping the flow of sensitive data to identify risky sharing behaviors and external exposure points.
| Shared by Employees | 1K | 1K | 2K | 768 | 2K | 3K |
| Shared to Employees | 2K | 2K | 3K | 2K | 3K | 4K |
| Shared to Organizations | 342 | 720 | 2K | 111 | 2K | 2K |
| Shared to External Contacts | 2K | 3K | 11K | 699 | 11K | 16K |
External sharing is the most significant vector for data exposure at ACME LTD. With massive volumes of Personal (16K), HR (11K), and Business (11K) records leaving the organization, establishing strict external sharing boundaries is paramount.
SECTION 04 — DETAIL
A focused analysis of PDF sharing behaviors, revealing how easily readable and portable document formats are distributed.
Filtered · PDF files · June 2026SECTION 05 — RECOMMENDATIONS
Five high-impact, data-driven security actions to significantly reduce information risk and improve compliance.
Activate automated justification policies for high-severity activities. By prompting users in real-time, ACME LTD can immediately mitigate the 3.9K critical incidents detected during the reporting timeframe while fostering a security-conscious culture.
Implement automated Microsoft Purview Information Protection (MPIP) labeling at the point of creation, prioritizing Legal and Governance data to ensure foundational data protection and compliance.
Conduct an immediate review of the 104 mass-download incidents. Focus first on Business and HR departments (72% of alerts) to rule out internal data hoarding or potential exfiltration threats.
Restrict sensitive external sharing by implementing targeted Data Loss Prevention (DLP) rules. This directly addresses ACME LTD's largest exposure vulnerability: the massive outflow of Personal, HR, and Business records.
Initiate a manager-level review for the 168 top risky users. Combining Cognni's weekly automated alerts with human oversight ensures targeted intervention and prevents repeated risky behaviors.
SUMMARY
Visibility brings control. With 324.7K records mapped and critical exposure points identified, ACME LTD is positioned to take decisive, data-driven action to secure its Microsoft 365 environment.