Two weeks ago I spent the day at a major UK financial institution talking about our anti-spam service. One of the things they asked me was what they should be looking out for next. They feel that as a customer of ours they already have the email virus problem licked, and spam is mostly taken care of, but they expect there will be a new avenue of entry that they haven't thought about.
I talked to them about IM, but they outright block it (to the best of their abilities, via both firewall and proxy blocks). So the only thing I could think that they might be vulnerable to was Spyware. We spoke briefly about this and they asked what they could do. I told them to dump IE in favour of Mozilla or Firefox.
Amazingly they didn't seem too against the idea.