In summary, the report states "even though most respondents do not see insiders as accounting for most of their organization's cyber losses, a significant number of respondents believe that insiders still account for a substantial portion of losses."

New Century Mortgage: Risk-averse

Marc Loewenthal, vice president of corporate affairs and chief privacy officer at New Century Mortgage in Irvine, Calif., describes a very tight internal access scenario at his firm, which has 7,400 employees and originated $56.1 billion in mortgage loans in 2005.

"In terms of executive-level e-mail, there is an extremely limited group of people that would have access to it and monitor it, and that's pretty tightly controlled by the general counsel," Loewenthal says. "There would be no reason, frankly, for us to give anybody access to it unless it was a litigation matter, and those are tightly controlled within the legal department."

Loewenthal says that even as chief privacy officer, he has to be given special administrative rights to look at anybody's e-mail, and that he has to go through a process overseen by the firm's chief technical people in order to be approved. This process enables those personnel to know at any given point in time who has access to not only e-mail, but also NAS and Fibre Channel SAN networks.