I agree with you and have pointed this out. Seems to be going on deaf ears for now.
Tunneling is a feature of the ssh protocol. If they don't like it, they need to block it on the server side.
That does not make any sense. The tunneling works only, if the server allows it. If they want to prevent you from tunneling out of your network, they need to configure the company servers accordingly, not hiding features in client software. That's lame. Does this mean that you do not have any SSH clients on your machines? No PuTTY? No
ssh.exe (which is nowadays the standard part of Windows 10)? All these allow you to tunnel.
Is there any way to disable to the tunneling/port forwarding option in the WinSCP GUI? The security team in my company is hung on that feature and refuses to approve the software for use because of that.