Survey: State Of Economy Leading To Increased Data Loss For Companies

  • Aug 14, 2009

In its sixth annual study of outbound e-mail and data loss prevention issues, Proofpoint, Inc. found that U.S. companies are increasingly concerned about a growing number of data leaks caused by employee misuse of e-mail, blogs, social networks, multimedia channels and even text messages.

According to the June study of 220 e-mail decision makers at U.S. companies with more than 1000 employees, organizations continue to embrace preventative measures -- some more drastic than others.

For example, as more U.S. companies reported their business was impacted by the exposure of sensitive or embarrassing information (34 percent, up from 23 percent in 2008), an increasing number say they employ staff to read or otherwise analyze the contents of outbound e-mail (38 percent, up from 29 percent in 2008).

The pain of data leakage has become so acute in 2009 that more U.S. companies report they employ staff whose primary or exclusive job is to monitor the content of outbound e-mail (33 percent, up from 15 percent in 2008).

In addition, companies are regularly ordered to produce employee e-mail as part of legal actions, exposing its contents to outside scrutiny. Nearly a quarter (24 percent) of large US companies report that employee e-mail was subpoenaed in the past 12 months.

When U.S. companies investigated the exposure of confidential, sensitive or private information via e-mail, blogs, multimedia channels and/or social networks, the end result for the offending employee was generally very bad news:

  • E-mail still the top threat: 43 percent of US companies surveyed had investigated an e-mail-based leak of confidential or proprietary information in the past 12 months. Nearly a third of them, 31 percent, terminated an employee for violating e-mail policies in the same period (up from 26 percent in 2008).
  • Blogs breaches continue: 18 percent had investigated a data loss event via a blog or message board in the past 12 months. 17 percent disciplined an employee for violating blog or message board policies, while nearly nine percent reported terminating an employee for such a violation (both increases from 2008, 11 percent and six percent, respectively).
  • Video exposure: Given the rapid adoption of video and audio media within the enterprise -- and the popularity of media sharing sites like YouTube -- it's no surprise that more U.S. companies reported investigating exposure events across these channels (18 percent, up from 12 percent in 2008). As a result, 15 percent have disciplined an employee for violating multimedia sharing / posting policies in the past 12 months, while eight percent reported terminating an employee for such a violation.
  • Friends or foes?: Concerning social networks, U.S. companies are also experiencing more exposure incidents involving sites like Facebook and LinkedIn as compared to 2008 (17 percent versus 12 percent). U.S. companies are taking a much more forceful approach with offending employees -- eight percent reported terminating an employee for such a violation as compared to only four percent in 2008.
  • Data loss in 140 characters or less: Even short message services like SMS texts and Twitter pose a risk. 13 percent of U.S. companies investigated an exposure event involving mobile or Web-based short message services in the past 12 months.

As the global economic recession forced many U.S. companies to downsize and reduce spending, the results of Proofpoint's survey show that those actions have often put them at greater risk for several reasons:

  • 18 percent of U.S. companies investigated a suspected leak or theft of confidential or proprietary information associated with an employee leaving the company (e.g., through voluntary or involuntary termination) in the past 12 months.
  • 42 percent of respondents say that increasing numbers of layoffs at their organizations in the past 12 months have created an increased risk of data leakage. 47 percent of respondents report that layoffs of IT staff have negatively impacted their organization's ability to protect confidential, proprietary and sensitive information in the past 12 months.
  • 50 percent of respondents say that budget constraints have negatively impacted their organization's ability to protect confidential, proprietary or sensitive information in the past 12 months.

Featured

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

  • The Stage is Set

    The security industry spans the entire globe, with manufacturers, developers and suppliers on every continent (well, almost—sorry, Antarctica). That means when regulations pop up in one area, they often have a ripple effect that impacts the entire supply chain. Recent data privacy regulations like GDPR in Europe and CPRA in California made waves when they first went into effect, forcing businesses to change the way they approach data collection and storage to continue operating in those markets. Even highly specific regulations like the U.S.’s National Defense Authorization Act (NDAA) can have international reverberations – and this growing volume of legislation has continued to affect global supply chains in a variety of different ways. Read Now

  • Access Control Technology

    As we move swiftly toward the end of 2024, the security industry is looking at the trends in play, what might be on the horizon, and how they will impact business opportunities and projections. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3