Survey: State Of Economy Leading To Increased Data Loss For Companies
In its sixth annual study of outbound e-mail and data loss prevention issues, Proofpoint, Inc. found that U.S. companies are increasingly concerned about a growing number of data leaks caused by employee misuse of e-mail, blogs, social networks, multimedia channels and even text messages.
According to the June study of 220 e-mail decision makers at U.S. companies with more than 1000 employees, organizations continue to embrace preventative measures -- some more drastic than others.
For example, as more U.S. companies reported their business was impacted by the exposure of sensitive or embarrassing information (34 percent, up from 23 percent in 2008), an increasing number say they employ staff to read or otherwise analyze the contents of outbound e-mail (38 percent, up from 29 percent in 2008).
The pain of data leakage has become so acute in 2009 that more U.S. companies report they employ staff whose primary or exclusive job is to monitor the content of outbound e-mail (33 percent, up from 15 percent in 2008).
In addition, companies are regularly ordered to produce employee e-mail as part of legal actions, exposing its contents to outside scrutiny. Nearly a quarter (24 percent) of large US companies report that employee e-mail was subpoenaed in the past 12 months.
When U.S. companies investigated the exposure of confidential, sensitive or private information via e-mail, blogs, multimedia channels and/or social networks, the end result for the offending employee was generally very bad news:
- E-mail still the top threat: 43 percent of US companies surveyed had investigated an e-mail-based leak of confidential or proprietary information in the past 12 months. Nearly a third of them, 31 percent, terminated an employee for violating e-mail policies in the same period (up from 26 percent in 2008).
- Blogs breaches continue: 18 percent had investigated a data loss event via a blog or message board in the past 12 months. 17 percent disciplined an employee for violating blog or message board policies, while nearly nine percent reported terminating an employee for such a violation (both increases from 2008, 11 percent and six percent, respectively).
- Video exposure: Given the rapid adoption of video and audio media within the enterprise -- and the popularity of media sharing sites like YouTube -- it's no surprise that more U.S. companies reported investigating exposure events across these channels (18 percent, up from 12 percent in 2008). As a result, 15 percent have disciplined an employee for violating multimedia sharing / posting policies in the past 12 months, while eight percent reported terminating an employee for such a violation.
- Friends or foes?: Concerning social networks, U.S. companies are also experiencing more exposure incidents involving sites like Facebook and LinkedIn as compared to 2008 (17 percent versus 12 percent). U.S. companies are taking a much more forceful approach with offending employees -- eight percent reported terminating an employee for such a violation as compared to only four percent in 2008.
- Data loss in 140 characters or less: Even short message services like SMS texts and Twitter pose a risk. 13 percent of U.S. companies investigated an exposure event involving mobile or Web-based short message services in the past 12 months.
As the global economic recession forced many U.S. companies to downsize and reduce spending, the results of Proofpoint's survey show that those actions have often put them at greater risk for several reasons:
- 18 percent of U.S. companies investigated a suspected leak or theft of confidential or proprietary information associated with an employee leaving the company (e.g., through voluntary or involuntary termination) in the past 12 months.
- 42 percent of respondents say that increasing numbers of layoffs at their organizations in the past 12 months have created an increased risk of data leakage. 47 percent of respondents report that layoffs of IT staff have negatively impacted their organization's ability to protect confidential, proprietary and sensitive information in the past 12 months.
- 50 percent of respondents say that budget constraints have negatively impacted their organization's ability to protect confidential, proprietary or sensitive information in the past 12 months.