According to an Osterman Research survey from 2018*, 44 percent of organizations report falling victim to an account takeover (ATO)-based email attack. ATO-based attacks are highly dangerous and often succeed because they are carried out from a trusted user's email account.
ATO attacks are often initiated using phishing, brute force, or malware attacks. Office 365 admins can successfully mitigate the risk of an ATO attack in their Office 365 environment by hardening their Office 365 configuration.
* Best Practices for Protecting Against Phishing, Ransomware and BEC Attacks, Osterman Research 2018.