email survey report final
TRANSCRIPT
-
8/14/2019 Email Survey Report FINAL
1/16
Survey on emailmanagementApproaches to security and compliance
in the finance industry
-
8/14/2019 Email Survey Report FINAL
2/16
2 Survey on email management
Contents
Introduction 3
Methodology 4
Summary 5
Main Findings 6
Significant issues 6
Biggest challenges 7
Global vs. local control 8
Number of suppliers 8
Benefits of a single management point 8
Email interaction with customers 9
Cost of message management 10
Governance and compliance 12
Conclusion 14
Contacts 15
-
8/14/2019 Email Survey Report FINAL
3/16
3Survey on email management
Introduction
Email is now the foundation of business communication, replacing paper and voiceas the most critical single element of the corporate communications infrastructure.
Recent years have seen an exponential growth in the amount of information flowing
through electronic communication channels.
Email and other electronic messaging, such as instant messaging (IM) and text
messaging (SMS), are now considered a viable medium for taking orders, sending
approvals and contracts, and discussing sensitive financial issues. As financial
services organisations open up their networks to clients and partners, they are being
forced to take the threat of spam, virus and denial of service attacks seriously to
avoid any disruption to their business. In the wake of complex corporate failures such
as Enron, WorldCom and Parmalat, they are also coming under increasing pressure
from regulators to maintain archives of all communications.
But how are large organisations managing these challenges? This was the overall
question set by this survey, conducted by MORI on behalf of BT, which sought clear
and unbiased feedback from leading financial services companies across the UK,
US and Europe.
Firstly, the survey established the profile of the interviewees, ensuring that respondents
had responsibility for contributing to strategic decisions about message management.
Respondents tended to be from large organisations, with 25 per cent claiming more
than 15,000 employees worldwide. These include names such as AIG, Barclays Bank,
Socit Gnrale and Swiss Life.
Major challengesThe survey considered the major issues in email message management that
organisations face today, and asked them to predict how the cost and significance
of these issues will change in the coming years. It then sought to discover how the
message management infrastructure is currently organised, and identify areas where
respondents thought this could be improved to meet future needs.
In particular, the survey examined the major challenges around security and
compliance, and sought to identify where organisations priorities lie in terms of
budget growth and allocation. The link between security and compliance was also
examined, in addition to organisations readiness to meet requests from regulators
for access to archived communications.
The results make important reading for any senior manager involved in strategic
decisions about message management. It reveals differences in focus in the countries
surveyed, and illustrates the key role that a secure messaging infrastructure plays in
todays financial organisations.
The following document provides important insights into the survey results.
-
8/14/2019 Email Survey Report FINAL
4/16
4 Survey on email management
Methodology
This research was conducted by MORI on behalf of BT. One hundred and twelveinterviews were conducted within retail and wholesale banks, insurance companies,
investment managers and building societies. Interviews addressed a representative
sample of organisations in the UK, US, France, Germany and the Netherlands.
Of the 112 respondents, 79 had responsibility within the IT side of the business,
and 33 worked in the areas of risk and compliance. MORI interviewed senior staff
with responsibility for IT, with job titles including CIO, systems director and IT
director. Managers responsible for operations and risk management were also
interviewed, and job titles in these areas included head of compliance and head
of risk.
Some questions were asked of both IT and risk groups, while others were specific
to one.
Within the 112, 89 respondents worked for organisations that had some level of
retail finance business, and several questions were asked just of this segment.
On certain questions, the responses do not add up exactly to 100 per cent due to
rounding or the fact that multiple responses were allowed.
Fieldwork
Fieldwork and data processing was carried out at the end of 2004. All interviews
were conducted by telephone using CATI (Computer Assisted TelephoneInterviewing). No financial incentives were offered to respondents, only a copy
of the final published findings.
UK US France Germany Netherlands TOTAL
management
Banking 10 19 16 10 5 60
Insurance 8 5 4 8 4 29
Investment 2 2 1 2 0 7
All 4 0 0 0 0 4
Other 1 5 0 0 0 6
Dont know/refused 5 0 0 0 1 6
TOTAL 30 31 21 20 10 112
-
8/14/2019 Email Survey Report FINAL
5/16
5Survey on email management
Summary
The survey looks at issues impacting on message management that can becategorised as either controlled or uncontrolled. The uncontrolled category is
about reacting to external threats, which may or may not be experienced by
the organisation. Viruses, spam, hacking and phishing all fall into this area.
The controlled category is about an organisation making changes internally
in response to set regulation or best practice. This survey reveals that both
categories are crucial to successful message management, but there are
geographic differences in the prioritisation of issues.
Of the external threats that financial organisations face, viruses are still seen
as the most potentially damaging, and are rated as a more significant issue
than spam, hacking and phishing. This is expected to still be the case in three
years time.
Across the different countries surveyed, France is the most focused on security
concerns such as viruses and boundary protection, while the UK and US are most
concerned about archiving and compliance issues.
Most organisations use multiple suppliers of software and services to support
their messaging environments. Despite this, having a single point for management
is seen as beneficial, mainly in having a single user interface for management,
and also in the policy setting for individuals and groups.
Most organisations dont know the total cost of ownership (TCO) of their current
messaging environment, which is probably a reflection of the complexity of
measuring an environment that spans all parts of the business. Success is likelyto be seen as the absence of failures and attacks that damage the business.
The largest budget increases related to message management across all countries
except France will be in the areas of archiving and compliance. Although this will
include an element of security, storage and retrieval are the most crucial areas for
development.
For the majority of retail finance respondents, email is already an important tool for
interacting with customers. They would like to use this communication channel
more if security and authentication concerns can be addressed.
Particularly with viruses and
spam, a centralised
management shortens the line
of communication and makes
it easier to get a definite
answer. Hence its possible to
react faster to threats.
Germany
-
8/14/2019 Email Survey Report FINAL
6/16
6 Survey on email management
Main findings
Significant issuesViruses are considered the most significant issue that organisations face in managing
their messaging environment, with 86 per cent of respondents saying this was a
significant issue. Interestingly, even phishing attacks, which have mainly targeted
the most prominent retail banks to date, were considered a significant issue by 60
per cent of respondents. This is probably due to rising press coverage of the threat,
and associated reputational risk issues.
Looking at the geographic breakdown for ratings on the significance of these issues
illustrates some interesting trends that are borne out in the results of subsequent
sections.
Ninety per cent of UK respondents rated archiving as a significant issue today.
This result can be associated with that countrys Financial Services Authority (FSA)
and its regulatory agenda, together with the close linkages to US firms who have
already been forced to address this issue by the Securities and Exchange Commission
(SEC). This compares to the 60 per cent of Dutch and 67 per cent of French
respondents who thought this issue significant.
Spam
Viruses
Hacking
Phishing
Archiving
Mailbox management
31
70
51
32
54
39
40
16
18
28
23
37
21
9
21
26
16
16
6
5
7
11
4
4
2
0
3
4
2
4
%Base: All respondents (112)
Very Fairly Not very Not at all Dont know
Q1a. How significant do you think each of the following issues is for your organisation now?
Spam
Viruses
Hacking
Phishing
Archiving
Mailbox management
39
42
32
30
33
28
16
22
21
22
23
26
6
2
3
3
4
3
26
28
33
29
29
30
4
3
5
8
1
4
%Base: All respondents (112)
Much more Little more
8
4
5
7
11
9
Little less Much less Same Dont know
Q1b. How do you see the significance of these issues changing for your organisationin three years time?
UK
USA
France
Germany
Netherlands
27
32
48
5
60
63
58
43
50
20
7
3
5
30
20
0
0
0
5
0
3
6
5
10
0
%Base: All respondents (112)
Very Fairly Not very Not at all Dont know
Q1c. How well prepared do you think your organisation is to meet the challengesof mailbox management?
Identification and storage
of what we need to archive
is a challenge. Most of what
we receive is garbage, and
we dont want to have to
save everything.
UK
Our main challenges are
to ensure availability and
integrity of mails as well
as to make sure that
those mails arent
distorted during thetransfer from one person
to another one.
France
-
8/14/2019 Email Survey Report FINAL
7/16
7Survey on email management
Archiving is an open question for us,
we know what we want to do but the
technical implementation will be achallenge, i.e. how in detail we will
set everything up to satisfy strategy
and cost-factors. We will also in the
near future harmonise the
messaging systems to prevent a cost
increase in the long-term. Again,
the real technical implementation
will be a challenge.
Germany
%Base: All IT respondents (79)
Security
Archiving
Email
Accessibility/availability
Other
Dont know
None
28%
30%
18%
5%
25%
5%
9%
Q2. What are the biggest challenges for your organisation in message management?
Looking at how this significance is expected to change, 90 per cent of French respondentsthought that viruses will be more of an issue in coming years, as opposed to just 57 per
cent of UK and 40 per cent of Dutch respondents. The French focus on security in
general and viruses in particular is another recurring theme of this survey.
On the subject of preparedness for dealing with mailbox management challenges,
German respondents were the least confident, with 35 per cent considering themselves
ill-prepared. Institutions in France, the UK and US were the most confident, all with 90
per cent believing they are well positioned to cope with any challenges.
Biggest challenges
This was an open-ended question and not surprisingly, given the wide range
of internal and external threats that organisations face, security tops the list of
challenges for IT respondents, followed closely by archiving.
Again, archiving and security are the two areas with the largest geographical differences.
Only six per cent of French respondents considered archiving a challenge, as opposed to
41 per cent of UK and 50 per cent of Dutch respondents. On the flipside, 61 per cent of
those representing organisations in France thought security was challenging, compared
to 18 per cent of US and zero Dutch respondents.
Other challenges identified as a result of these questions include efficiency, productivity
and rationalising solutions. Nine per cent of those surveyed thought they faced no
challenges in message management, which either indicates a high degree of sophistication
and preparedness, or complacency about the issues identified in question 1.
In a separate question, 81 per cent of respondents agreed with the following statement:
The threat of email anarchy and escalating costs is real for those companies who do
not address their message management correctly.
-
8/14/2019 Email Survey Report FINAL
8/16
8 Survey on email management
Main findings
Global vs. local control
In all the areas identified, the majority of organisations have centralised management
at a global head-office level. Taking France out of the equation, the trend towards
centralised management is even stronger. In each area, the majority of French
respondents said responsibility for decisions and management resided at a local level.
As the organisations surveyed in France comprised both French companies and local
subsidiaries of global firms, this irregularity cannot be explained just in terms of a
unique French approach to organisational structure.
Number of suppliers
Although this question didnt specify the full scope of messaging areas, from general
email applications through to boundary protection and archiving and retrieval,
the majority of respondents, 51 per cent, admitted to using more than one supplier.
Almost one in five (19 per cent) use more than four. US-based organisations use
the most with 55 per cent having three or more suppliers. German organisationsuse the least with 78 per cent having only one supplier.
Benefits of a single management point
Having a single user interface for all messaging systems and simplified implementation
of policies for individuals or groups of users were seen as the major benefits from having
a single management point. Other benefits mentioned by survey respondents include
central administration and management, lower cost of control, and increased speed of
response to incidents. It is interesting to note that 28 per cent of those surveyed in
France considered remote management as a key benefit, and this probably relates to
the less centralised management structure identified in question 3.
%Base: All IT respondents (79)
Simplified implementation of policies forindividuals or groups of users
Single user interface for all messaging systems
Remote access to single management interface
Centralised administration
Control
None
Other
24%
22%
11%
9%
4%
14%
35%
Q5. What would you see as the key benefits of having a single management point for yourmessaging systems?
Base: All IT respondents (79)
Q4. How many suppliers do you usefor messaging solutions?
38%
16%16%
19%
10%
1
2
3
4 or more
Dont know
22%
Base: All IT respondents (79)
4%
Q3. Are the following areas managed primarily at a global level (i.e. decisions are takenstrategically from head office and implemented consistently across the company network)or at a local level (i.e decisions are taken locally or regionally on a case-by-case basis)?
Boundary protection (e.g. anti-spam/virus/content control)
Secure messaging (e.g. phishing/hacking/B2B and BC2 emails)
Compliance (e.g. regulatory archiving/audit trail)
Mailbox management (e.g. hosting/DR/Exchange migration)
Global Local Dont know
%
75%
29% 1%70%
27% 4%70%
44% 3%53%
-
8/14/2019 Email Survey Report FINAL
9/16
9Survey on email management
Email interaction with customersAmong the majority of respondents whose organisations operate in the retail
financial sector, email is already an important tool for communicating with
customers, and its use is likely to increase if the security and authentication
concerns can be addressed.
Across all respondents, 60 per cent are looking for some increase in customer
interaction via email. But it is interesting to note the geographical differences for
this question. In the US, only 43 per cent of respondents are seeking more use of
this channel, which is perhaps a reflection of the maturity of internet banking and
the existing use of e-statements in that market. In Germany though, 77 per cent
of respondents want to do more in this area, indicating that this is a relatively
untapped channel.
The majority of all respondents want to increase use of email for almost all the listed
purposes, but a significant number 72 per cent believe that security is the biggest
deterrent to realising their ambitions. This highlights the need for a more secure
email infrastructure that is capable of integrating with other bank systems and
delivering information to customers in a trustworthy manner.
%Base: All retail respondents (89)
72%
65%
57%
47%
30%
7%
Q8. Which, if any, of the following would you say are significant deterrents toincreased customer interaction by email?
Security (e.g. hacking)
Authentication (e.g. online fraud)
Viruses
Compliance
Archiving (recoveringinformation efficiently)
Non of these
%Base: All retail respondents (89)
Day-to-day contact
Statement provision
Application form provision
Contract provision
Quotes provision
None of these
55%
54%
53%
51%
49%
17%
Q7. Which of the following would you like to do more with customers by email?Base: All retail respondents (89)
Q6. Considering your current interaction withcustomers (business and individuals) viaemail, would you like this interaction toincrease, decrease or stay the same overthe next three years?
36%
24%
33%
3 2 2
Increase a lot
Increase a little
Stay the same
Decrease a little
Decrease a lot
Dont know
Particularly with viruses
and spam, a centralised
management shortens the
line of communication
and makes it easier to get
a definite answer. Hence
its possible to react
faster to threats.
Germany
-
8/14/2019 Email Survey Report FINAL
10/16
10 Survey on email management
Main findings
Cost of message managementOutsourcing of message management processes and infrastructure is still in its
infancy, but the survey shows that it can deliver cost benefits. An interesting difference
in the ongoing cost of mailbox management can be seen when comparing those who
outsource some or all of their message management including those who would
consider outsourcing in the future and those who dont. More than twice as many
respondents who outsource, or would potentially outsource, expect costs for message
management to decrease, at 26 per cent, compared to only 10 per cent of those who
plan to keep the solutions in-house.
The cost of administering the messaging infrastructure is most likely to increase in the
area of compliance, according to 65 per cent of all respondents. Particularly in the
Netherlands and US, costs are predicted to rise in this area, with 75 per cent and 73
per cent respectively predicting compliance will become more expensive. France (67
per cent) and the UK (65 per cent) also expect compliance costs to rise, with only
Germany lagging behind the average with 50 per cent.
In line with the security focus identified in earlier questions, the highest response for
costs increasing in relation to boundary protection came from those surveyed in
France, at 78 per cent, followed closely by the Netherlands with 75 per cent. In the UK,
only 29 per cent expected costs in this area to rise.
Expected costs and budget allocation normally align quite closely, although this isnt
always the case, as sometimes costs can be borne out over several budget cycles. But
in this case, compliance cost increases and budget increases would look to be broadly
in alignment. This is particularly the case in those countries that have previously been
identified as being concerned about compliance issues. Forty one per cent of UK and
55 per cent of US respondents will be spending more on compliance, as opposed to
only 11 per cent of German respondents. France is the odd country out with only sixper cent planning to increase compliance budgets, despite 67 per cent believing the
cost of compliance is likely to rise.
In the area of secure messaging, many more French and Germans expected budget
rises than their UK, US and Dutch counterparts.
%Base: All IT respondents (79)
Boundary protection
Secure messaging
Compliance
Mailbox management
19%
18%
13%
15%
Q9. Which of the following messaging processes or systems do you currently outsource?
-
8/14/2019 Email Survey Report FINAL
11/16
11Survey on email management
Given the cost cutting exercises that many banks have gone through in the past few
years, and the pressure on managers to demonstrate return on investment (ROI) and
total cost of ownership (TCO) for technology investment, the results for question 12
might seem surprising.
Seventy seven per cent of all respondents dont know the TCO for their current
message management services, and this percentage was even higher 89 per cent
in both France and Germany. This is possibly due to the complex nature of the
messaging infrastructure and the fact it touches every line of business and support
department. As well as specific messaging applications, the infrastructure also
requires associated investment in hardware and ongoing maintenance and support.
In the majority of cases where TCO has not been calculated, it is likely that reliability
and invulnerability the lack of attacks and failures are seen as the measuring stick
for success or otherwise of any investment in the messaging infrastructure.
Base: All IT respondents (79)
Q12. Do you accurately know the total costof ownership (TCO) for your currentmessage management services?
Yes
No
23%
77%
20
25
29
18
34
38
35
34
1
3
3
4
24
22
22
30
8
4
8
1
Incr. lot Incr. little
13
9
4
13
Decr. little decr. lot Same Dont know
Boundary protection
Secure messaging
Compliance
Mailbox management
%Base: All IT respondents (79)
Q10. How do you expect the costs of administering each of the following areas to increase ordecrease over the next three years?
Base: All IT respondents (79)
Q11. Of those four areas, where do you thinkwill be the single biggest budget increase?
Compliance
Boundary protection
Secure messaging
Mailbox management
Dont know
29%
19%19%
19%
14%
-
8/14/2019 Email Survey Report FINAL
12/16
12 Survey on email management
Main findings
Governance and complianceAlthough an increased focus on security was seen as the biggest issue arising from
regulatory compliance, the results from respondents indicate there is not a great deal
of consensus on any single impact. This could arise from the different regulations faced
by financial organisations in the markets in which they operate. It could also arise from
confusion in the market about the implications of specific items of legislation.
IT governance includes activities such as providing clear audit trails and effective
archiving in order to meet organisation compliance and governance regulations.
Only 25 per cent of German respondents expect a significant increase in IT governance
costs, as opposed to a group average of 56 per cent. The UK came in highest here,
with 70 per cent. Costs rise in relation to what needs to be undertaken to help the
organisation achieve compliance and best practice, so this indicates that there is still a
lot of work to be done.
The retrieval aspect of the archiving required by legislation is often ignored. But simply
having all relevant information and communications stored somewhere is not enough
to achieve compliance. Organisations need to be able to access the required
information in a timely fashion in response to requests, or risk a fine.
Forty-eight hours is the usual turnaround time for requests from the US Securities and
Exchange Commission (SEC), and while many other regulators havent specifically set
such timeframes, it is a useful benchmark for analysing an organisations archiving and
retrieval capabilities.
Governance compliance
and regulatory
pressures are making us
manage our messaging
environments better.
There is governance
around what we can
and cant do, and this is
having a positive
impact in making us
more efficient.
US
%
Increased focus on security
Increased costs
Improved archiving
Advanced search/retrieval capability
High impact
Authentication
More difficult
Improve standards
Pre-scanning for dangerous word combinations
Little impact
Other
Dont know/no answer
30%
22%
21%
8%
Q13. What impacts do you think compliance will have on your message infrastructure?
Base: All IT respondents (79)
6%
1%
1%
14%
7%
5%
2%
2%
-
8/14/2019 Email Survey Report FINAL
13/16
13Survey on email management
Not surprisingly, given the SECs enthusiasm in enforcing compliance through thethreat of large fines in recent years, the US is the most confident, with 81 per cent
saying they could meet a request if it wasnt necessarily within 48 hours. Germany
achieved the lowest score on this count, with just 60 per cent of respondents
confident they could meet a request.
Those respondents that outsource some or all of their messaging infrastructure, or
would consider outsourcing in the future, are consistently more confident of meeting
regulatory request timeframes. Asked specifically about their confidence to meet the
requirement to provide three years audit trail within 48 hours, 63 per cent of those
who outsource were confident, whereas only 40 per cent of those that dont
outsource could reply with confidence.
Base: All respondents (112)
Q15. If you received a request from a regulatory body to provide an audit trail going back threeyears, how confident would you be of retrieving all of the necessary information within48 hours? And how confident would you be about retrieving the necessary informationat all (i.e. without a tight deadline)?
Within 48 hours
Very confident
Fairly confident
Not very confident
Not at all confident
Dont know
Base: All respondents (112)
At all
Very confident
Fairly confident
Not very confident
Not at all confident
Dont know
23%
26%21%
21%
10%
40%
28%
13%
16%
4%Base: All respondents (112)
Q14. How significant do you expect anyincreases in IT governence costs to befor your organisation?
Very significant
Fairly significant
Not very significant
Not at all significant
I dont expect them to increase
I expect them to decrease
Dont know
13%9%
44%23%
3
4
5
-
8/14/2019 Email Survey Report FINAL
14/16
14 Survey on email management
Conclusion
The respondents to this survey are all working for sophisticated organisationsthat should have a pretty good grasp of the issues that arise when managingcrucial messaging environments for large, often global, financial institutions.So if even small numbers of respondents to this survey claim to be havingproblems with boundary protection, secure messaging and compliance,there is cause for concern.
The methods used for hacking and the propagation of viruses and spam will continue
to evolve and become more sophisticated. So organisations are faced with a moving
target. They recognise the need for constant vigilance to guard against the threats,
and have subsequently placed a priority on dealing with these issues.
Compliance, on the other hand, is a relatively static challenge. Regulations and best
practice do periodically change and evolve, but each time they do, organisations
have an easily identifiable set of objectives to achieve. The challenge is how to achieve
these objectives.
But archiving and compliance still seem to be a bit of a blind spot for many
organisations. Although the focus on security and boundary protection is strong,
the expected increase in compliance budgets and lack of confidence in meeting
regulatory requests for access to archived communications shows that this is an area
that requires more work and focus, at least in the short term. Clearly though, the
SEC is leading the way, driving change in the US at a faster rate than the other
countries surveyed.
The number of those currently outsourcing aspects of message management showsthat the practice is in its infancy, but statistics about expected cost reductions and
increased ability to meet regulatory demands show that there are benefits to
adopting this model.
The lack of understanding of TCO in current messaging environments suggest that
organisations could benefit from looking more closely at how their organisation uses
the messaging infrastructure and which critical business areas it touches. Having a
single framework for message management is one way that the required visibility
and control can be achieved, and this will have further knock-on benefits when
addressing the security and compliance challenges organisations will continue
to face.
-
8/14/2019 Email Survey Report FINAL
15/16
15Survey on email management
Contacts
For more information,
please contact:
Chris Hughes
BT
Guidion House
Ancells Business Park
Fleet, Hampshire
GU51 2QP
United Kingdom
Tel: 07736 636 106
Email: [email protected]
www.btconsulting.com/financialservices
-
8/14/2019 Email Survey Report FINAL
16/16
About BT
BT is one of the worlds leading providers of communications solutions
serving customers in Europe, the Americas and Asia Pacific. Its principal
activities include IT and networking services, local, national and
international telecommunications services, and higher-value broadband
and internet products and services.
www.btconsulting.com/financialservices/mori
British Telecommunications plc 2005. Registered Office: 81 Newgate Street, London, EC1A 7AJ.Registered in England No 1800000.