OK to answer question No.1 I would say that information leaking is one of the biggest problems in any company. Second, the loose of the data, or in other words, the destruction by natural disaster or intentional from inside of the company or outside. Third, the reputation of the company between customers, shareholders and the public (Also the media).

To question No 2. I would say that as Security Administrator you have to implement a policy in which you make the rules for the use of Intra net, Internet and all point access that you have for employees, vendors, and customers, etc.
And also audit your policy that way you are in compliance (Sarbanes-Oxley Act).

For answer question 3. It sounds that your company is from medium to big, I would implement a hot backup disaster recovery plan, for sure. That way you don’t have to wait to long for get all you data.

Good Luck