Formalized Workplace Collaboration Security Plans Still Lagging

Subscribe to our full Premium Content Newsletter to see all of Metrigy's latest research, news analysis, and offers!

Another year, and another Metrigy study on the strategies and technologies companies have put in place around workplace collaboration security and compliance. Sadly, what was then is still very much the case today.

In Metrigy’s Workplace Collaboration and Contact Center Security and Compliance: 2024-25 global research study (available for clients here ), only 35% of the 338 participating companies report having a formal workplace collaboration security program in place today. We had expected this percentage to be higher. In our 2023 study, 37% of companies said they already had a proactive security strategy in place, with another 18.9% having plans to implement by year’s end and 12.3% evaluating doing so. Even accounting for the delays and strategic shifts that often send a company’s best-intentioned plans off track, today’s reality falls far short of the potential, according to our data.

Setting the numbers aside, that companies aren’t establishing stronger security and compliance disciplines for workplace collaboration can be confounding. Not only are employee communications subject to federal compliance orders for data collection, storage, and retrieval, but the applications and services companies use for workplace collaboration are just as vulnerable as the next.

This isn’t to say that companies aren’t doing anything relative to protecting their workplace collaboration environment. We do see positive initiatives. For example, nearly half of organizations in this study require high-level approval—i.e., from the chief information security officer (CISO)—for new application deployment. And most, at 70.6%, assess their communications and collaboration providers’ security capabilities and certifications, with support for multifactor authentication, software development security controls, and third-party certification a must for most of those conducting such evaluations.

Absent a strong security and compliance posture, some companies simply block access to collaboration applications or features. This is the case for 30% of all companies, and higher percentages for those operating in regulated industries such as financial services, healthcare, transportation and utilities. What are they blocking? Meeting recording is top of the list, followed by generative AI and meeting transcription.

With these features touted as a means of improving productivity and streamlining onerous work, thus improving the employee experience, companies that haven’t already done so do need to find a way to alleviate their security and compliance concerns such that they can allow use. CISOs or other professionals charged with workplace collaboration security and compliance need to push forward on putting a comprehensive proactive security plan in place, as well as engaging in continuous education to assure employees under their responsibilities per that plan. Technology wise, this plan should include use of a centralized third-party security and compliance platform for enforcing security policies across communications and collaboration apps and unifying incident response.

Let’s see where this gets us in the year ahead.