Study: 32 Percent Of Companies Read Outbound Employee E-Mail
In its fourth annual study of outbound email and content security issues, e-mail security and data loss prevention company Proofpoint Inc. found that outbound e-mail and other electronic communication protocols continue to grow as a source of risk for companies. Proofpoint's 2007 survey of 308 e-mail decision-makers at large U.S. companies shows expanding concern over sensitive information leaving enterprises through outbound email and other electronic communications channels.
The study found that 32.1 percent of surveyed companies with 1,000 or more employees hire staff to read or analyze the contents of outbound e-mail. Almost 39 (38.8) percent of larger companies surveyed (those with more than 20,000 employees) employ staff for this purpose. Additionally, 16.9 percent of companies surveyed employ staff whose primary or exclusive job responsibility is to read or otherwise analyze e-mail content.
E-mail remains a primary source of information leakage, which can result in regulatory compliance violations, legal problems and loss of competitive position. Respondents estimated that nearly 20 percent of all outbound e-mail poses a legal, regulatory or financial risk. More than a third of surveyed companies investigated a suspected e-mail leak of confidential or proprietary information in the past 12 months. Additional key findings from the survey include:
- More than one-quarter of surveyed companies (27.3 percent) have terminated an employee for violating e-mail policies in the past 12 months. 45.5 percent have disciplined an employee for violating e-mail policies in the past year.
- More than one-quarter (26.3 percent) of surveyed companies report their business was impacted by the exposure of sensitive or embarrassing information in the last year and 33.8 percent investigated a suspected e-mail leak of confidential or proprietary information.
- 29.1 percent of the largest enterprises (20,000 employees or more) reported that employee e-mail was subpoenaed in the last 12 months.
Newer "Web 2.0" communications vehicles are posing a problem to companies as well, as increased employee use of YouTube, MySpace, FaceBook and other popular sites has translated into increased opportunity for information leakage. Some of the key findings included:
- In the past 12 months, 14.0 percnet of surveyed companies have disciplined an employee for violating social networking policies and nearly 5 percent terminated an employee for such a violation.
- In the past 12 months, 11.0 percent of surveyed companies have disciplined an employee for violating media sharing policies and 6.8 percent terminated an employee for such a violation.
The study also found that other communications channels -- such as Web-based mail, peer-to-peer networks, instant messaging, and blogs and message boards -- continue to be a significant sources of risk for companies:
- In the past 12 months, 21.4 percent of companies surveyed had investigated the exposure of sensitive information via blog or message board postings, while 19.2 percent disciplined and 9.1 percent terminated employees for such infractions.
- In the past 12 months, 12.4 percent of publicly traded companies surveyed had investigated the exposure of material information via blog or message board postings.
- 48.7 percent of companies are very concerned or concerned about Web-based e-mail as a conduit for exposure of confidential or proprietary information. Respondents are also very concerned about FTP, instant messaging, peer-to-peer networks, media sharing sites, blogs and message boards as potential conduits for data loss.
- Among the largest companies (20,000 and more employees), peer-to-peer networks were the No. 1 source of concern for information leakage via non-e-mail electronic communications channels, eclipsing Web-based e-mail, instant messaging, media sharing sites and blogs.