John at myITforum.com

Free Proofpoint Report on Outbound Email Security and Data Loss Prevention

How concerned are companies about the content of email leaving their organizations? And how do companies manage the legal and financial risks associated with outbound email? To find out, Proofpoint and Forrester Consulting (a division of leading analyst firm Forrester) conducted an online survey of technology decision makers at 424 large companies — in the US, UK, Germany, France and Australia — during March 2008.

This report summarizes the findings of Proofpoint's fifth-annual email security and data loss prevention study, including surprising statistics about how large companies manage the risks associated with outbound email, blog postings, media sharing sites, social networking sites, mobile Internet-connected devices and other electronic communications streams.

http://www.proofpoint.com/id/outbound/index.php

See if you can download direct...

http://www.proofpoint.com/downloads/Proofpoint-Outbound-Email-and-Data-Loss-Prevention-in-Today's-Enterprise-2008.pdf

Some interesting stats from the doc (are you being watched???):

• 41% of US companies with 20,000 or more employees surveyed employ staff to read or otherwise analyze outbound email. Overall, more than one quarter (29%) of US companies surveyed employ such staff.
• 22% of US companies with 20,000 or more employees surveyed employ staff whose primary or exclusive job function is to read or otherwise monitor outbound email content. Overall, 15% of companies surveyed said they employ such staff.
• More than 1 in 3 (38.0%) US companies surveyed perform regular audits of outbound email content.
• 44% of US companies investigated a suspected email leak of confidential or proprietary information in the past 12 months. 40% investigated a suspected violation of privacy or data protection regulations in the past 12 months.
• 23% of US companies surveyed say their business was impacted by the exposure of sensitive or embarrassing information in the last 12 months. 18% said they had been impacted by improper exposure or theft of customer information. 14% said they had been impacted by the improper exposure or theft of intellectual property.
• More than a quarter of US companies surveyed (26%) terminated an employee for violating email policies in the past 12 months. More than half (51%) of US companies surveyed disciplined an employee for violating email policies in the past 12 months.
• More than a quarter of US companies surveyed (27%) investigated the exposure of confidential, sensitive or private information via lost or stolen mobile devices in the past 12 months. 56% of respondents are concerned or very concerned about the risk of information leakage via email sent from mobile devices. Companies said that, on average, one quarter of their employees have mobile access to the corporate email system via smartphones or other wireless handheld devices.
• More than 1 in 5 US companies surveyed (21%) investigated the exposure of confidential, sensitive or private information via a blog or message board posting. 11% disciplined an employee for violating blog or message board policies in the past 12 months. 6% reported terminating an employee for such a violation. 44% are concerned or very concerned about the risk of information leakage via blogs and message board postings.
• 12% of US companies investigated the exposure of confidential, sensitive or private information via video or audio media posted to a media sharing site. 14% have disciplined an employee for violating media sharing/posting policies in the past 12 months. 5% reported terminating an employee for such a violation. 44% are concerned or very concerned about the risk of information leakage via media sharing sites.
• 12% of US companies investigated the exposure of confidential, sensitive or private information via a posting to a social networking site. 13% have disciplined an employee for violating social networking policies in the past 12 months. 4% reported terminating an employee for such a violation. 44% are concerned or very concerned about the risk of information leakage via posts to social networking sites.
• 14% of US publicly-traded companies surveyed investigated the exposure of material financial information (such as unannounced quarterly results) via a blog or message board posting in the past 12 months.
• More than a third (34%) of companies surveyed with 20,000 employees reported that employee email was subpoenaed in the last 12 months. Overall, nearly a quarter (24%) of companies surveyed were ordered by a court or regulatory body to produce employee email in the past 12 months.
• In addition to concerns about the corporate mail system, more than half of US companies surveyed (56%) are “very concerned” or “concerned” about web-based email as a conduit for exposure of confidential or proprietary information.
• Top concerns 2008: 75% of US companies are “concerned” or “very concerned” about protecting the confidentiality of personal identity and financial information in outbound email. 70% are “concerned” or “very concerned” about ensuring compliance with financial disclosure or corporate governance regulations. 68% are “concerned” or “very concerned” about ensuring that email cannot be used to disseminate company trade secrets or valuable intellectual property.
• More than half of US companies surveyed (57%) say that it is “important” or “very important” to reduce the legal and financial risks associated with outbound email in the next 12 months.
• More than half of US companies surveyed (51%) say that it is “important” or “very important” to reduce the legal and financial risks associated with outbound HTTP traffic (such as webmail and blog postings) in the next 12 months.