Andrea Danti - Fotolia
Employees do not share the same level of security awareness as CIOs, a study has found.
The Insider Data Breach survey, carried out by Opinion Matters for data security company Egress, reported that almost four out of five of the the 505 US and UK CIOs who participated in the study believed employees had put company data at risk accidentally in the past 12 months, and 60% expected their organisation to have an accidental data breach in the next 12 months.
However, almost all (92%) of the employees surveyed as part of the study said they had not accidentally broken their company’s data-sharing policy in the past 12 months, yet 55% admitted their employer did not provide them with tools needed to share data securely.
The study warned that employee-driven accidental data breaches were becoming more prevalent every day. Simple mistakes – such as sending an email to the wrong person or falling for a phishing scam – can lead to significant data loss and damage to the company. According to the IT leaders surveyed, the greatest area of impact from an internal data breach is reputational damage (38%), followed by financial impact (27%) and leaked intellectual property (18%).
The study also found there was a disconnect between IT leaders and employees on how each group views sensitive data. This perception gap, combined with the rapid growth in unstructured data and a growing number of ways for employees to share that data, have the potential to negatively affect an organisation’s security programme, the study warned.
“While IT leaders seem to expect employees to put data at risk, they’re not providing the tools and training required to stop the data breach from happening, said Tony Pepper, CEO and co-founder of Egress.
“Technology needs to be part of the solution. By implementing security solutions that are easy to use and work within the daily flow of how data is shared, combined with advanced AI [artificial intelligence] that prevents data from being leaked, IT leaders can move from minimising data breaches to stopping them from happening in the first place.”
Read more about insider threat management
- Businesses are still not addressing inside threats when it comes to cyber security, leaving themselves wide open to data breaches as a result, according to a security analyst.
- IP theft is often committed by insiders or disgruntled employees who feel entitled to information. Peter Sullivan explains the threat and how to prevent these insider attacks.