Spam (and the malware it contains) may be a tremendous concern to most IT companies, but information from a new Trend Micro survey suggests that it has become more of a managed concern, and is being superseded as a top priority threat by another issue: data leaks. While they may or may not be intentional, data leaks have the potential to expose thousands or even millions of records to theft.

Despite growing concerns over data security, Trend Micro reports that only some 46 percent of companies even have leak prevention strategies in place. That's surprisingly few, given the string of high-profile data losses in the past 12 months. Some of these incidents might seem to focus more on device loss and less on data leaks, but in many incidents, the occurrence of one automatically results in the other. If the FBI loses 160 laptops, it has effectively leaked all of the data they collectively contain into the public domain.

Trend Micro surveyed 1,600 companies in the US, UK, Germany, and Japan and found worker attitudes and perceptions of data security vary significantly across international boundaries. 74 percent of US employees felt they could properly distinguish between confidential and nonconfidential data, while only 67 percent of UK employees, 68 percent of Germany employees, and just 40 percent of Japanese employees felt capable of doing the same.

US employees aren't just more confident (rightly or wrongly) that they can distinguish confidential corporate data vs. nonconfidential data; they have also received more training on the topic. Among companies that have data leak prevention policies in place, some 70 percent of US employees report that they have received training on how to prevent such leaks, compared to just 57 percent of UK employees.

The need for formal leak prevention policies is, perhaps, even stronger than the survey states. One of the more interesting findings is that "U.K. and German users place less faith in the protection provided with their work PC than U.S. end users do, yet they are just as likely as U.S. end users to open suspicious emails or Web links." This would seem to imply that employees, even when operating in good faith, are a poor judge of what actions could or could not expose sensitive data to the outside world. A healthy dose of paranoia can go a long way toward keeping a system malware (and leak)-free, but only if that paranoia results in measurably different surfing behaviors.

Those of you concerned about these issues, take heart. Trend Micro just happens to sell a software package it believes can effectively prevent data leaks. In fact, according to Glen Kosaka, one of Trend Micro's marketing directors, "Trend Micro LeakProof is designed to help reduce data leaks, data threats and insider leaks by using a unique approach that combines endpoint-based enforcement with highly accurate fingerprinting and content-matching technology."

LeakProof, folks. Like a good tarp. Or a sheep. Or some Huggies.