But your service provider isn't your only worry. If you've opted for any third-party email integration, like combining your email with a third-party customer relationship management (CRM) provider (such as Salesforce), that opens your company's email up to either data-snooping apps deployed by Salesforce or to any data breaches that originate with that service. So the more informed you can be about what's attached to your email service, how that data's being used and accessed and especially by whom, the better off you'll be when it comes time to send confidential email.
Your next major concern will be compatibility. It's not a shock that most businesses run on Microsoft Windows and use some form of Microsoft Office. Being able to use common third-party clients such as Microsoft Outlook can often be a concern, and even today, compatibility with Microsoft Outlook isn't necessarily guaranteed. This is especially true when sending and receiving meeting invites. It only takes one garbled meeting invite to realize how frustrating this can be in the real world. Even if using Microsoft Outlook isn't a concern, portability is. If the service is entirely web-based, then is there a means for me to take my email offline and send email when I connect?