Vast majority of IT leaders say insider data breaches are a major concern
- Published: Wednesday, 19 February 2020 10:23
Egress has published the results of its Insider Data Breach Survey 2020. The study found that 97 percent of IT leaders say insider breach risk is a significant concern. 78 percent think employees have put data at risk accidentally in the past 12 months and 75 percent think employees have put data at risk intentionally. When asked about the implications of these breaches, 41 percent say financial damage would be the area of greatest impact.
This second annual survey looks at the causes, frequency and implications of internal security breach incidents and the perspectives of IT leaders and employees about data risk, responsibility and ownership. Conducted by independent research organisation, Opinion Matters in January 2020, more than 500 IT leaders and 5000 employees were surveyed across the UK, US and Benelux regions.
Egress CEO, Tony Pepper, believes the findings show how IT leaders are resigned to the inevitability of insider breaches and don’t have adequate risk management in place:
“While they acknowledge the sustained risk of insider data breaches, bizarrely IT leaders have not adopted new strategies or technologies to mitigate the risk. Effectively, they are adopting a risk posture in which at least one-third of employees putting data at risk is deemed acceptable.
“The severe penalties for data breaches mean IT leaders must action better risk management strategies, using advanced tools to prevent insider data breaches. They also need better visibility of risk vectors; relying on employees to report incidents is not an acceptable data protection strategy.”
Misdirected and phishing emails are the top cause of accidental insider data breaches
41 percent of employees who had accidentally leaked data said they had done so because of a phishing email. 31 percent said they caused a breach by sending information to the wrong person, for example, by email. This is underlined by the fact that 45 percent said they had received an Outlook recall message or an email asking them to disregard an email sent in error over the last year.
Erroneous employee views on data ownership
The survey also showed that employee misconceptions over data ownership have a negative impact on information security. The employee-facing research found 29 percent of respondents said they or a colleague had intentionally shared data against company policy in the past year. A worrying 46 percent said they or a colleague had broken company policy when they took data with them to a new job, while more than a quarter (26 percent) said they had taken a risk when sharing data because they weren’t provided with the right security tools.
This reckless approach to data protection may be explained by employees’ views on data ownership and responsibility. 41 percent of the employees surveyed don’t believe that data belongs exclusively to the organization and only 37 percent recognise that everyone has responsibility for keeping data safe.
Directors disrespecting data
The survey also highlighted that the more senior the employee, the more cavalier their attitude towards data breaches. 78 percent of directors have intentionally shared data against company policy in the past year, compared with just 10 percent of clerical staff.
Directors are the most likely to take data with them to a new job: 68 percent of those who had intentionally broken policy had done so when they changed jobs, compared with the overall average of 46 percent.