Everything has zero days. The best path is the one with the most eyes on it discovering these issues sooner.
In terms of what path would be considered a better one over the last 5 or so years. Exchange server, as an example, has had some of the worse hacks/zero-days available that have been abused for a very long time before they were addressed. MS Exchange and by extension, their integrated email solution has been a complete security failure.
Hackers have been talking through business emails on exchange for years undetected. MS closed a heap of zero days recently, but considering the poor performance here, there are likely many more.

Then if we look at basic local Email applications, again, having to run email from one of the most hardened tools, the browser, is a better path. I see no real advantage of a tool like thunderbird or similar. This is why Thunderbird and tools like it have lost a lot of traction in recent years. Thunderbird, as an example, was even considered to be made EOL by Mozilla.

MS online Email tools/Gmail. They work great, can access and search all your emails from any 2FA terminal. Decentralised, reduce backup needs etc. For a business, it a no-brainer.

MS OWA simply is no replacement for the full Outlook client, especially for power users that need access to more than just one mailbox. That's why Microsoft is still pushing local clients. While Microsoft is trying to get their "Office Experience" into the cloud, they're clearly not there yet. The web-based clients for Excel, Word and Powerpoint, for example, come with severe limitations. About the only piece of software that's better in a browser than in the full client coming from Microsoft seems to be MS Teams, as this thing apparently started as a web app...

Same thing with apps for your phone. A native app usually beats any web-based app in both integration (push messages, integration with other apps) and speed.

Google took a different approach right out of the gates: Without any "local legacy", their "office" replacement has always been a Web-only experience. Still, most of the world runs Microsoft's stack of Office applications, so if you interface with this world, you running the same tools becomes almost unavoidable.

Abt 95% of the DeLuxe stuff we get at the theater I'm at comes via satellite and physical DCP's.
My experience dealing with ASPIRA is mainly repertory content coming from smaller distributors and/or
independent filmmakers. For some reason, we've had alotta trouble getting the Aspira client to install &
work properly on our booth workstation computer, so I usually wind up doing the Aspira downloads at
home, where I have a lightning-fast direct fiber connection that can do the download a lot faster and
easier (and in my pajamas!) than at the theater. I run a pretty tight firewall & anti-virus program at home,
so I"m not too concerned about running Aspira, but I'll definitely read up more now on the potential vulnerability