2007 Proofpoint Survey Finds That 32% of Large U.S. Companies Employ Personnel to Read Employee Email
Nearly 28% have terminated employees for email policy violations; 20% have disciplined employees for improper use of blogs/message boards; 14% for social network violations; 11% for improper use of media sharing sites
In its fourth-annual study of outbound email and content security issues (http://www.proofpoint.com/outbound), email security and data loss prevention company Proofpoint, Inc. found that outbound email and other electronic communication protocols continue to grow as a source of risk for companies. Proofpoint's 2007 survey of 308 email decision-makers at large U.S. companies shows expanding concern over sensitive information leaving enterprises through outbound email and other electronic communications channels.
The study found that 32.1% of surveyed companies with 1,000 or more employees hire staff to read or analyze the contents of outbound email. 38.8% of larger companies surveyed (those with more than 20,000 employees) employ staff for this purpose. Additionally, 16.9% of companies surveyed employ staff whose primary or exclusive job responsibility is to read or otherwise analyze email content.
Email remains a primary source of information leakage, which can result in regulatory compliance violations, legal problems and loss of competitive position. Respondents estimated that nearly 20% of all outbound email poses a legal, regulatory or financial risk. More than a third of surveyed companies investigated a suspected email leak of confidential or proprietary information in the past 12 months. Additional key findings from the survey include:
-- More than one-quarter of surveyed companies (27.3%) have terminated an
employee for violating email policies in the past 12 months. 45.5% have
disciplined an employee for violating email policies in the past year.
-- More than one-quarter (26.3%) of surveyed companies report their
business was impacted by the exposure of sensitive or embarrassing
information in the last year and 33.8% investigated a suspected email
leak of confidential or proprietary information.
-- 29.1% of the largest enterprises (20,000 employees or more) reported
that employee email was subpoenaed in the last 12 months.
Newer "Web 2.0" communications vehicles are posing a problem to companies as well, as increased employee use of YouTube, MySpace, FaceBook and other popular sites has translated into increased opportunity for information leakage. Some of the key findings included:
-- In the past 12 months, 14.0% of surveyed companies have disciplined an
employee for violating social networking policies and nearly 5%
terminated an employee for such a violation.
-- In the past 12 months, 11.0% of surveyed companies have disciplined an
employee for violating media sharing policies and 6.8% terminated an
employee for such a violation.
The study also found that other communications channels -- such as Web-based mail, peer-to-peer networks, instant messaging, and blogs and message boards -- continue to be a significant sources of risk for companies:
-- In the past 12 months, 21.4% of companies surveyed had investigated the
exposure of sensitive information via blog or message board postings,
while 19.2% disciplined and 9.1% terminated employees for such
infractions.
-- In the past 12 months, 12.4% of publicly traded companies surveyed had
investigated the exposure of material information via blog or message
board postings.
-- 48.7% of companies are very concerned or concerned about Web-based
email as a conduit for exposure of confidential or proprietary
information. Respondents are also very concerned about FTP, instant
messaging, peer-to-peer networks, media sharing sites, blogs and
message boards as potential conduits for data loss.
-- Among the largest companies (20,000 and more employees), peer-to-peer
networks were the no. 1 source of concern for information leakage via
non-email electronic communications channels, eclipsing Web-based
email, instant messaging, media sharing sites and blogs.
Source: Proofpoint, Inc.
Web site:
http://www.proofpoint.com/
http://www.proofpoint.com/outbound
