Notifications
Clear all
Topic starter
27/06/2026 1:22 pm
TL;DR: NFP’s acquisition-heavy operating model made legacy email security administration unsustainable, pushing the organisation to simplify controls, reduce inefficient spend, and improve detection of advanced threats and executive graymail, according to Abnormal AI. The case underscores that email security governance breaks when organisational complexity outruns tool assumptions.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams manage email security after repeated acquisitions?
A: They should treat email security as part of merger integration, not as a separate gateway refresh.
Q: When does a legacy secure email gateway become a governance liability?
A: It becomes a liability when administration, exception handling, and policy drift consume more effort than the control saves.
Practitioner guidance
- Inventory acquisition-driven policy exceptions Track every inherited SEG exception, delegated admin path, and domain-specific rule after each acquisition so you can see where control debt is accumulating.
- Separate executive graymail from threat detection Build distinct governance for inbox clutter reduction and malicious email detection, then measure each outcome independently across executive mailboxes.
- Tie email security onboarding to merger integration Require new domains, mailbox groups, and administrative ownership to be mapped into the security operating model before the integration is declared complete.
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- The decision criteria that led NFP to reconsider its legacy SEG model after repeated acquisitions.
- The specific ways the team reduced administrative complexity while improving threat detection.
- The executive graymail use case that shaped the email security overhaul.
- The on-demand webinar format with the practical discussion the source uses to explain the change.
👉 Read Abnormal AI's webinar on how NFP rethought legacy email security →
Legacy SEG limits in acquisition-heavy enterprises: what changed at NFP?
Explore further
27/06/2026 2:42 pm
Acquisition-driven email security sprawl is a governance problem before it is a tooling problem. NFP’s situation shows how quickly legacy SEG administration becomes unsustainable when organisational boundaries keep changing. Repeated acquisitions create inherited policies, duplicated exceptions, and operational drag that no single configuration team can absorb cleanly. The lesson for practitioners is to treat email security as part of post-merger identity and control integration, not as a standalone gateway decision.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: What should teams measure when replacing a legacy email security stack?
A: Measure reduction in manual administration, exception volume, and policy inconsistency, not just alert counts. If those operational burdens do not fall, the new stack may improve capability on paper without actually improving governability in a complex enterprise.
👉 Read our full editorial: NFP’s email security reset shows the limits of legacy SEG models
