Proofpoint`s 2005 survey of 332 technology decision-makers at large US companies reveals a growing concern over sensitive information leaving the enterprise through outbound e-mail.
Smaller US companies employ people to monitor outbound e-mail at nearly the same rate as larger companies. Respondents estimated that almost 25% of outbound e-mail contains content that poses a legal, financial or regulatory risk. 27% of companies surveyed have terminated an employee due to e-mail misuse in the past year.
More than one-quarter of company e-mails contain legal, financial or regulatory risk. This alarming statistic has been matched by the number of corporate dismissals due to unsolicited e-mails in the past 12 months. Unknowingly, employees are leaving companies and their CEOs wide open to potentially expensive lawsuits. Proofpoint`s survey highlights the concern of US businesses with over 63% of them employing or planning to employ personnel to monitor outbound e-mails to prevent IP theft and costly litigation.
"It is time to face the facts on security risks in outbound mail," says Jorina van Rensburg, CEO of Condyn. "South Africa is not unique and companies should realise that losing valuable information via outbound mail can cause revenue losses resulting in millions of rands."
Gary Steele, CEO of Proofpoint Inc, says: "South Africa faces the same issues as the US. South African companies are just as likely to be losing valuable intellectual property via e-mail, potentially running afoul of privacy and data protection regulations and opening themselves up to costly litigation due to ageist, racist or sexist e-mail content. Fortunately, `big brother` tactics aren`t required to keep outbound e-mail under control. By putting the right technology, policies and processes in place, companies can greatly reduce the financial, legal and regulatory risks related to outbound e-mail without resorting to reading employee e-mail."
In its 2005 study on outbound e-mail security and content issues, e-mail security vendor Proofpoint found that more than 63% of US corporations with 1 000 or more employees either employ or plan to employ staff to read or otherwise analyse outbound e-mail. More than a third (36.1%) of US companies employ staff to monitor e-mail today, with another 26.5% saying they intend to employ such staff in the future. In the largest companies (those with more than 20 000 employees) this practice is even more common - 40% employ staff to monitor e-mail today and an additional 32% plan to employ such staff in the future.
These results indicate the rising prominence of outbound e-mail as a source of risk for corporations. Specifically, US companies are most concerned about ensuring (1) that e-mail isn`t used to leak company trade secrets or other forms of intellectual property; (2) compliance with corporate e-mail policies; (3) compliance with financial disclosure regulations; and (4) that e-mail can`t be used to leak confidential internal memos. The respondents also expressed an increasingly high degree of concern about compliance with healthcare and financial privacy regulations, such as HIPAA and Gramm-Leach-Bliley.
Other key findings from the survey, which was fielded by Forrester Consulting, include:
* More than one in three (35.2%) US companies investigated a suspected e-mail leak of confidential information in the last 12 months.
* More than one in four (27.1%) US companies have fired an employee for violating e-mail policies in the last 12 months. More than half (50.6%) have disciplined an employee for violating e-mail policies in the last 12 months.
* More than one in 10 (10.5%) US companies were ordered to produce employee e-mail to a court or regulatory body in the last 12 months.
* Respondents estimated that nearly one in four outbound e-mails (24.7%) contain content that poses a legal, financial or regulatory risk to their organisations.
* About half (49.3%) of the largest US companies say it is "very important" to reduce the risks associated with outbound e-mail in the next 12 months.
* Beyond corporate e-mail, US IT professionals are most concerned about Web-based e-mail as a source of risk, followed by instant messaging.
To download a free copy of Outbound Email Security and Content Compliance in Today`s Enterprise, 2005, visit http://www.proofpoint.com/outbound/
Share