Just to make sure I'm clear here...
Are you saying that only IT groups that are serious about security allow unknown encrypted data to pass out the perimeter with no regard to what could be present in it? Are you saying that IT groups should just accept the risk of data being exfiltrated over these unknown encrypted connections? What about C2 traffic?
As someone who regularly performs Security Assessments and Penetration Tests for the Financial Industry in the US... I would say that's rather naive...
There is absolutely ZERO expectation of privacy when using an asset that is provided by your employer.
Any IT group who is serious about decreasing their attack surface knows that solutions like this are imperative to the overall security posture of the organization. Any IT department who is serious about protecting the organization knows you just cannot allow unknown encrypted data to leave the network at the will of an employee.
The IT department doesn't give one fuck about your privacy.... as they shouldn't.
It's IT's job to protect the business from technology, and ensure that it has the tools and solutions in place to achieve the organization's business requirements. Yes, this includes middling SSL and TLS connections to ensure that company data is not leaking out of the perimeter.
If you don't want the IT department decrypting their data as it leaves their network, use your smartphone instead.