Email Encryption Software: Best Tools for UK Businesses

What to Look for in Email Encryption Software

Before comparing products, clarify what you need from email encryption. The answers shape the choice significantly:

• Who are your recipients? If they are always Microsoft 365 users, native Microsoft tools may be sufficient. If you exchange sensitive emails with anyone — clients, solicitors, suppliers — you need a solution that works regardless of the recipient's email platform.
• How sensitive is the data? Contracts and general business correspondence have different requirements than healthcare records, legal privileged information or financial data.
• How technical are your users? Tools that require users to manually apply encryption are less reliable than policy-driven automatic encryption.
• What are your compliance requirements? UK GDPR, Cyber Essentials, sector-specific regulations and client contractual requirements may drive specific choices.

Microsoft 365 Message Encryption (OME)

For organisations already on Microsoft 365, OME is the first option to evaluate. It is included in Microsoft 365 Business Premium and above (approximately £19.70 per user per month as of early 2026) and integrates directly with Outlook and Exchange Online.

How it works: Messages can be encrypted manually in Outlook using a button, or automatically via Exchange transport rules and Microsoft Purview Data Loss Prevention (DLP) policies. Recipients with Outlook or Microsoft accounts read the message natively; others receive a link to a secure web portal.

Strengths: Zero additional cost (within Business Premium), native Outlook integration, policy-driven automation, integration with Microsoft Purview compliance controls, no external account needed for recipients.

Limitations: Portal access for non-Microsoft recipients adds friction. No digital signatures (non-repudiation). Portal links can expire. Not suitable for organisations requiring true end-to-end S/MIME encryption.

Egress Protect

Egress is a UK-based email security vendor focused specifically on outbound email data loss prevention and secure messaging. Egress Protect provides policy-driven encryption, recipient verification and revocable message access — you can revoke access to a sent message after the fact if it was sent to the wrong person.

Pricing: Typically priced on a per-user, per-month basis. Expect approximately £4–£8 per user per month for Egress Protect as a standalone product. Bundle pricing with other Egress modules (Prevent, Threat Protect) reduces per-module cost.

Strengths: UK company with strong ICO compliance alignment, message recall capability, detailed audit logging, integration with Microsoft 365 and Google Workspace, recipient access via web portal or Outlook plugin.

Limitations: Per-user licensing adds to Microsoft 365 costs. Portal access for external recipients, similar to OME.

Proofpoint Email Encryption

Proofpoint offers enterprise-grade email encryption as part of its broader email security platform. It includes policy-based encryption, secure messaging via a hosted portal and integration with Proofpoint's email gateway for DLP-triggered encryption.

Pricing: Proofpoint is enterprise-focused and typically requires a conversation with their sales team for pricing. Expect to pay from around £5–£12 per user per month for encryption as part of a broader Proofpoint bundle.

Strengths: Tight integration with Proofpoint's anti-phishing and threat protection platform, strong enterprise compliance controls, granular policy options.

Limitations: Enterprise pricing model may not suit smaller SMEs. More configuration complexity than OME or Egress for straightforward use cases.

Virtru

Virtru provides end-to-end email encryption for both Gmail and Microsoft 365. It uses the Trusted Data Format (TDF) standard and provides granular controls including expiry dates on messages, forwarding prevention and access revocation.

Pricing: From approximately $3–$8 per user per month (USD-denominated) depending on the plan. Business plans include additional data protection controls.

Strengths: Works with both Gmail and Microsoft 365, strong data governance controls, easy deployment via browser extension or Outlook add-in.

Limitations: US-based vendor — data residency and sovereignty considerations apply for UK businesses with strict data localisation requirements.

S/MIME via Certificate Authorities

For organisations that want true end-to-end encryption without a hosted portal, S/MIME certificates purchased from Certificate Authorities (Sectigo, DigiCert, GlobalSign) provide the most technically robust solution.

Pricing: Personal email certificates typically cost £20–£80 per user per year depending on the CA and validation level.

Strengths: True end-to-end encryption, native client support, digital signatures providing non-repudiation.

Limitations: Both parties must have certificates installed. Certificate management overhead. Exchange of public keys required before encrypted communication.

Choosing the Right Tool

For most UK SMEs using Microsoft 365, the recommendation is:

1. Enable Microsoft OME with DLP policies for routine sensitive communications — no additional cost, good coverage
2. Add Egress Protect or a similar UK-focused solution if you regularly send highly sensitive information externally and need message recall or stronger audit trails
3. Consider S/MIME for specific teams or correspondent relationships where true end-to-end encryption is contractually or regulatorily required