Proofpoint Reports Findings from Email and Information Security Trends Survey Conducted at Microsoft TechEd Conference

SUNNYVALE, Calif. – July 18, 2012 – Proofpoint, Inc. (PFPT) (, a pioneering security-as-a-service provider, today announced findings from a survey of security IT enterprise decision makers, about email and information security trends.

"The findings from our June 2012 survey reinforce what many industry analysts and security experts have already noted—that targeted attacks against large organizations are extremely common and surprisingly effective in compromising user credentials and corporate IT systems," said David Knight, executive vice president of product management for Proofpoint. "In response, Proofpoint continues to develop innovative new approaches to fighting spear phishing and other targeted attacks."

Key findings from the survey include:

  • Spear phishing is an increasingly serious threatHalf of all respondents (51%) believe that, in the past year, their organization was targeted by a phishing email designed specifically to compromise their own users. Another 31% do not believe they were the target of such an attack and 18% reported they did not know.
  • Larger organizations are more susceptible to phishing attacks: Among organizations with 1,000 or more email users, more than half of respondents (56%) believe their organizations were targeted by a spear phishing attack. Of this group, 27% do not believe they were the target of a spear phishing attack and 17% reported they did not know. Comparatively, organizations with fewer than 1,000 email users reported fewer spear phishing attacks—42% believe they had been targeted, 39% did not and 19% didn't know.
  • Spear phishing attacks are often the root cause of security breaches: More than one third (34%) of respondents who reported experiencing a spear phishing attack in the past year (17% of all respondents) believe that attack resulted in the compromise of user login credentials (e.g., usernames/passwords) or unauthorized access to corporate IT systems.
  • Outbound email reported as the greatest source of data loss risk: Asked which of five risk vectors—outbound corporate email, social media, lost or stolen mobile devices, and online file sharing/collaboration and short messaging services—they felt posed the greatest risk of data loss to their organizations, respondents chose outbound email by a small margin. Results are as follows:
    • 22% feel outbound email sent from their organizations is the greatest source of data loss risk
    • 19% feel that online file sharing/collaboration solutions (e.g., services such Dropbox, Box and others) are the greatest source of data loss risk
    • 18% feel lost or stolen mobile devices are the greatest source of data loss risk
    • 17% feel postings to social media sites (e.g., Facebook, LinkedIn) represent the greatest source of data loss risk
    • 3% feel that short messaging services (e.g., Twitter, SMS text messaging) are the greatest source of data loss
    • 21% of respondents say they “don’t know” which vector poses the most risk

More than 330 survey participants submitted their answers via a web-based survey at Proofpoint’s booth at the Microsoft TechEd 2012 conference (June 2012). More than half of respondents were from organizations with 1,000 or more email users. Approximately 99% of respondents held security, risk management/compliance, CIO/CTO/CSO/CISO or other IT job roles, while 1% held academic roles. All respondents considered in these statistics demonstrated familiarity with their organizations' email security solutions.

Proofpoint recently introduced a new, cloud-based solution designed to provide reliable protection against spear phishing and other forms of targeted attacks, Proofpoint Targeted Attack Protection™, which was selected as a finalist for the Microsoft Best of TechEd Award in the security category. Learn more at

About Proofpoint, Inc. 
Proofpoint, Inc. (NASDAQ:PFPT) is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance and secure communications. Organizations around the world depend on Proofpoint's expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information. More information is available at


Proofpoint and Proofpoint Targeted Attack Protection are registered and/or common law trademarks of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.