I have a bank needing a risk assessment for adding online statements. They intend to deliver the statements by encrypted e-mail attachment (locked, zipfile). Can anyone tell me the threats and associated controls for this job? Thanks!