Email Encryption Tools: Top Solutions for UK Business Security
Choosing email encryption tools for a UK business involves matching technical capability to your email platform, recipient base and compliance requirements. This guide covers the top tools — from Microsoft 365's integrated controls to dedicated encryption gateways — with implementation guidance for each.
Nathan Hill-Haimes
Technical Director
The Role of Encryption Tools in Email Security
Email encryption tools sit within a broader email security stack. They are distinct from — but complementary to — anti-phishing filters, anti-spam gateways, DMARC/SPF/DKIM authentication and email archiving. The specific job of an encryption tool is to protect the confidentiality of message content: ensuring that only the intended recipient can read what you have sent.
For UK businesses, the driver for encryption tools is typically one or more of: UK GDPR Article 32 compliance, client or contractual requirements, sector regulation (SRA for solicitors, FCA for financial services, CQC for healthcare) or internal security policy.
Microsoft Purview Message Encryption
Previously known as Office Message Encryption (OME), Microsoft Purview Message Encryption is the built-in encryption capability within the Microsoft 365 ecosystem. It is the logical starting point for any business already on Microsoft 365.
Key features:
- Policy-driven encryption via Exchange transport rules and DLP policies
- Manual encryption option within Outlook (desktop and web)
- Secure web portal access for recipients without Microsoft accounts
- Read receipt confirmation
- Integration with Microsoft Purview compliance centre for audit and eDiscovery
- Do Not Forward and Encrypt Only options
Availability: Included in Microsoft 365 Business Premium (from approximately £19.70 per user per month) and higher plans including E3 and E5.
Egress Protect and Egress Prevent
Egress specialises in outbound email security and is one of the most widely deployed email data loss prevention and encryption tools among UK organisations. Its two core products work together:
- Egress Protect: Policy-based email encryption with secure web portal delivery, message recall, recipient identity verification and access auditing.
- Egress Prevent: AI-powered misdirected email prevention — it detects when a user is about to send an email to the wrong person and prompts them to confirm or cancel before sending.
Together, these tools address both the confidentiality requirement (encryption) and the human error risk (misdirection) that accounts for a significant proportion of UK data breaches. Egress integrates with Microsoft 365 and Google Workspace and is priced on a per-user, per-month basis from approximately £4–£10 per user depending on the modules included.
Mimecast Secure Messaging
Mimecast's platform includes Secure Messaging as part of its comprehensive email security gateway. Messages requiring encryption are automatically redirected to Mimecast's secure portal based on policy rules, and recipients access them via a web portal or Mimecast's browser extension.
Mimecast is particularly well-suited for businesses that are already using Mimecast for email continuity, anti-spam or archiving — adding secure messaging extends existing infrastructure rather than introducing a new vendor. Pricing is typically bundled within Mimecast's per-user package, approximately £6–£14 per user per month depending on the bundle.
Proofpoint Email Protection with Encryption
Proofpoint's email encryption capability is embedded within its broader Email Protection platform, which combines anti-spam, anti-phishing, DLP and encryption in a single gateway. For businesses that want a single vendor for inbound threat protection and outbound data protection, this integrated approach reduces complexity.
Proofpoint is more commonly seen in larger SMEs and enterprise deployments where sophisticated inbound threat protection is also required. Pricing reflects its enterprise positioning — expect to pay from approximately £8–£15 per user per month for a bundle including encryption.
Zivver
Zivver is a European secure communications platform with a strong footprint in UK regulated industries, particularly healthcare, legal and local government. It provides end-to-end encrypted email and file transfer, with recipient verification via a PIN or one-time password sent to a mobile number.
Zivver's strength is its focus on secure outbound communication in environments with strict data protection requirements. It integrates with Microsoft 365 via an Outlook add-in and web app. Pricing is per user per month, typically from £4–£8 for business plans.
S/MIME Certificate Tools
For organisations requiring true end-to-end encryption without reliance on a cloud portal, S/MIME certificates from trusted CAs provide the strongest technical guarantee. The main certificate providers for UK businesses are:
- Sectigo (formerly Comodo CA): Personal email certificates from approximately £15–£30 per user per year
- DigiCert: Enterprise-grade S/MIME certificates, typically purchased in volume for managed deployment
- GlobalSign: S/MIME certificates with Microsoft 365 integration support, from approximately £20–£40 per user per year
Certificate management tools such as Venafi or Microsoft's Certificate Services can automate certificate lifecycle management, reducing the operational overhead of S/MIME deployments at scale.
Selecting and Deploying Email Encryption Tools
The selection process should involve:
- Auditing what personal and sensitive data you send by email and to whom
- Confirming your Microsoft 365 licensing (OME may already be available)
- Assessing whether policy-based automation is required (it almost always is — relying on users to manually apply encryption leads to gaps)
- Evaluating recipient experience — portal-based access adds friction; assess whether this is acceptable for your typical external correspondents
- Confirming that chosen tools meet any sector-specific requirements (e.g., NHS DSP Toolkit requirements for healthcare organisations)
Frequently Asked Questions
Microsoft OME is the right starting point for businesses already on Microsoft 365 Business Premium — it is included at no extra cost and covers most encryption use cases. Add Egress or a similar tool if you need message recall capability, more granular recipient verification, or tighter integration with non-Microsoft workflows. Many organisations use both: OME for routine policy-based encryption and Egress for higher-risk outbound communications.
Law firms are often required to use encrypted email for client communications under SRA requirements. Microsoft OME or Egress Protect are both commonly used. S/MIME provides the strongest technical guarantee for privileged communications. Zivver is also used in legal contexts for its recipient verification controls. The right choice depends on the firm's size, existing Microsoft 365 deployment and client requirements.
No — encryption is one technical control among many. UK GDPR compliance requires a broader programme covering lawful basis documentation, privacy notices, data retention schedules, staff training, data processing agreements with third parties and an incident response process. Encryption addresses the Article 32 requirement for appropriate security measures for data in transit, but compliance is not achieved by any single tool.
Email encryption tools protect outbound message confidentiality — they do not protect against inbound phishing. Inbound threat protection requires separate controls: anti-phishing AI, DMARC/DKIM/SPF authentication, link scanning and attachment sandboxing. A complete email security stack addresses both inbound threats and outbound data protection.
An email encryption gateway (like Mimecast or Proofpoint) sits between your mail server and the internet, applying encryption policies to outbound messages before they leave your infrastructure. Client-side encryption (like S/MIME or Outlook OME) encrypts messages within the user's email client before sending. Gateways are easier to manage centrally and enforce policies consistently; client-side encryption provides end-to-end guarantees independent of the gateway.