SOURCE: Proofpoint, Inc.

Proofpoint, Inc.

August 10, 2009 08:00 ET

Proofpoint Survey Says: State of Economy Leads to Increased Data Loss Risk for Large Companies

Careful What You Email, Post, Upload and Tweet: US Businesses Embrace Aggressive Preventative Measures

SUNNYVALE, CA--(Marketwire - August 10, 2009) - In its sixth annual study (http://www.proofpoint.com/outbound) of outbound email and data loss prevention issues, Proofpoint, Inc. found that US companies are increasingly concerned about a growing number of data leaks caused by employee misuse of email, blogs, social networks, multimedia channels and even text messages.

According to the June 2009 study of 220 email decision makers at US companies with more than 1000 employees, organizations continue to embrace preventative measures -- some more drastic than others.

Who's Reading Your Corporate Email?

For example, as more US companies reported their business was impacted by the exposure of sensitive or embarrassing information (34 percent, up from 23 percent in 2008), an increasing number say they employ staff to read or otherwise analyze the contents of outbound email (38 percent, up from 29 percent in 2008). The pain of data leakage has become so acute in 2009 that more US companies report they employ staff whose primary or exclusive job is to monitor the content of outbound email (33 percent, up from 15 percent in 2008).

In addition, companies are regularly ordered to produce employee email as part of legal actions, exposing its contents to outside scrutiny. Nearly a quarter (24 percent) of large US companies report that employee email was subpoenaed in the past 12 months.

Draconian Measures?

When US companies investigated the exposure of confidential, sensitive or private information via email, blogs, multimedia channels, and/or social networks, the end result for the offending employee was generally very bad news:

--  Email still the #1 threat: 43 percent of US companies surveyed had
    investigated an email-based leak of confidential or proprietary information
    in the past 12 months. Nearly a third of them, 31 percent, terminated an
    employee for violating email policies in the same period (up from 26
    percent in 2008).
    
--  Blogs breaches continue: 18 percent had investigated a data loss event
    via a blog or message board in the past 12 months. 17 percent disciplined
    an employee for violating blog or message board policies, while nearly nine
    percent reported terminating an employee for such a violation (both
    increases from 2008, 11 percent and six percent, respectively).
    
--  Video exposure: Given the rapid adoption of video and audio media
    within the enterprise -- and the popularity of media sharing sites like
    YouTube -- it's no surprise that more US companies reported investigating
    exposure events across these channels (18 percent, up from 12 percent in
    2008). As a result, 15 percent have disciplined an employee for violating
    multimedia sharing / posting policies in the past 12 months, while eight
    percent reported terminating an employee for such a violation.
    
--  Friends or foes?: Concerning social networks, US companies are also
    experiencing more exposure incidents involving sites like Facebook and
    LinkedIn as compared to 2008 (17 percent versus 12 percent). US companies
    are taking a much more forceful approach with offending employees -- eight
    percent reported terminating an employee for such a violation as compared
    to only four percent in 2008.
    
--  Data loss in 140 characters or less: Even short message services like
    SMS texts and Twitter pose a risk. 13 percent of US companies investigated
    an exposure event involving mobile or Web-based short message services in
    the past 12 months.
    

Economic Enemy

As the global economic recession forced many US companies to downsize and reduce spending, the results of Proofpoint's survey show that those actions have often put them at greater risk for several reasons:

--  18 percent of US companies investigated a suspected leak or theft of
    confidential or proprietary information associated with an employee leaving
    the company (e.g., through voluntary or involuntary termination) in the
    past 12 months.
    
--  42 percent of respondents say that increasing numbers of layoffs at
    their organizations in the past 12 months have created an increased risk of
    data leakage. 47 percent of respondents report that layoffs of IT staff
    have negatively impacted their organization's ability to protect
    confidential, proprietary and sensitive information in the past 12 months.
    
--  50 percent of respondents say that budget constraints have negatively
    impacted their organization's ability to protect confidential, proprietary
    or sensitive information in the past 12 months.
    

Downloads

--  To download a free copy of Proofpoint's complete report, Outbound
    Email and Data Loss Prevention in Today's Enterprise, 2009, visit:
    http://www.proofpoint.com/outbound/.
    

Live Webinar: Findings from Proofpoint's 2009 Research

Join Proofpoint on Wednesday, August 12, 2009 at 2 p.m. ET / 11 a.m. PT for a live webinar where Keith Crosley, director of market development for Proofpoint, and analyst Michael Osterman, principal of Osterman Research, will discuss findings from the Outbound Email and Data Loss Prevention in Today's Enterprise report. To register, please visit: http://www.proofpoint.com/outbound0809.

About Proofpoint, Inc.

Proofpoint secures and improves enterprise email infrastructure with solutions for email security, archiving, encryption and data loss prevention. Proofpoint solutions defend against spam and viruses, prevent leaks of confidential and private information, encrypt sensitive emails and archive messages for retention, e-discovery and easier mailbox management. Proofpoint solutions can be deployed on-demand (SaaS), on-premises (appliance), or in a hybrid architecture for maximum flexibility and scalability. For more information, please visit http://www.proofpoint.com.

Proofpoint is a trademark or registered trademark of Proofpoint, Inc. in the US and other countries. All other trademarks contained herein are the property of their respective owners.

Contact Information