I forgot to mention:

From a forensics standpoint though, let's say I have an employee whom I suspect is stealing company secrets...he manages to install a keylogger on my system...if I were able to coroborate the time a keylogger was installed, with my event logs, or my firewall logs, or my video surveillance, then I would have stronger evidence against the employee.

I guess the time has come to "fight fire with fire" as in load your own keylogger and catch the perp using his one.........hence the importance of finding it first. Loading illicit software would be grounds for dismissal? but you would have to prove usage to launch any sort of criminal action? not sure of your laws here.

In the UK you find that employees have to sign up to the AUP (Approved Usage Policy) of the organisation, which invariably cites violation as an instant dismissal offence.

In your scenario you may want the perp to go further, and find out the competitor who is paying for the exercise?

/me keep them out at the perimeter, and sack anyone who takes the piss

Cheers