Insider cyber incidents: human error is the top cause of serious data breaches
- Published: Thursday, 15 July 2021 08:54
Egress’ Insider Data Breach Survey 2021 has revealed that an overwhelming 94 percent of organizations have experienced insider data breaches in the last year. Human error was the top cause of serious incidents, according to 84 percent of IT leaders surveyed. However, IT leaders are more concerned about malicious insiders, with 28 percent indicating that intentionally malicious behaviour is their biggest fear. Despite causing the most incidents, human error came bottom of the list, with just over one-fifth (21 percent) saying that it’s their biggest concern.
Almost three-quarters (74 percent) of organizations have been breached because of employees breaking security rules, and 73 percent have been the victim of phishing attacks.
The survey, independently conducted by Arlington Research on behalf of Egress, surveyed 500 IT leaders and 3,000 employees in the US and UK across vertical sectors including financial services, healthcare and legal.
Key insights include:
- 94 percent of organizations have experienced an insider data breach in the last 12 months.
- Human error is the leading cause of serious insider data breaches, with 84 percent of organizations experiencing a security incident caused by a mistake.
- Malicious insiders are IT leaders’ biggest worry, with 28 percent indicating that it’s their top concern.
- 74 percent of organizations have been breached because of employees breaking security rules, and 73 percent have suffered serious breaches caused by phishing.
- 97 percent of employees say they would report a breach – which is good news for the 55 percent of IT leaders who rely on employees to alert them to incidents.
- But it’s not necessarily positive when they do: 89 percent of incidents led to repercussions for the employees involved.
- 54 percent of employees said that they feel their organization’s security culture trusts and empowers them, indicating that many organizations lack a security-positive culture.
- The biggest driver for change in insider risk over the last year has been the adoption of long-term remote working due to the pandemic. Over half (56 percent) of IT leaders believe that remote work has driven an increase in data breaches caused by human error. Meanwhile, employees disagree, with 61 percent believing that remote work makes them less, or equally, as likely to cause a data breach.
- IT leaders are concerned for the future, with 54 percent indicating that they believe that remote/hybrid working will make it more difficult to prevent data breaches caused by human error. Half of IT leaders also believe that it will make it more difficult to prevent phishing attacks, and 49 percent believe that it will be more difficult to prevent employees from breaking the rules if they’re working remotely in the future.
Egress CEO Tony Pepper comments:
“Insider risk is every organization’s most complex vulnerability – and it has far-reaching consequences, from ransomware attacks to loss of client trust. Organizations must act now to mitigate the risk posed by their people.
“The research highlights the importance of empowering employees – they want to protect their employer’s data, and it’s up to organizations to ensure that they’re building a security-positive culture. With the right technology and strategy in place, organizations can transform their people from their biggest security vulnerability into their strongest line of defence.”