Egress’s Insider Data Breach survey 2019 has found that 79% of CIOs believe employees have put company data at risk accidentally in the past 12 months, while 61% think that data has been put at risk maliciously. More than 500 IT leaders and 4,000 employees from the UK and the US were surveyed.
- 45% of employees admitted to sending information to the wrong person, while 35% had shared information without realising that it was confidential.
- 27% of employees confessed to clicking a link in a phishing email.
- 48% of employees who shared data blamed it on rushing, 30% blamed a high-pressure work environment and 29% blamed fatigue.
- 95% of CIOs acknowledged that insider threats are a danger to their organisations.
- 38% of IT leaders saw reputational damage as the biggest consequence of an insider breach, closely followed by financial impact (27%).
- Employees rushing and making errors was seen as the leading cause of insider breaches (60%), followed by a general lack of awareness (44%).
- Where it was believed that breaches were caused maliciously, the leading motive was identified as leaking information to a competitor (32%). Tied in second place (21%) were employees taking data to a new job, leaking data to cyber criminals, and sharing data to personal systems.
With this in mind, 60% of CIOs believe they will fall victim to an accidental breach within the next 12 months, and 46% believe that they will suffer a malicious breach.
We usually associate insider threats with disgruntled employees who intend to harm their employer, but this is not always the case. As Egress’s findings show, insider threats also include negligent employees who unintentionally compromise data, whether by falling victim to a phishing attack, inadvertently disclosing confidential information, or by other means.
Tony Pepper, CEO and co-founder of Egress, said:
The results of the survey emphasize a growing disconnect between IT leaders and staff on data security, which ultimately puts everyone at risk. While IT leaders seem to expect employees to put data at risk – they’re not providing the tools and training required to stop the data breach from happening.
These findings show the vast extent to which employees’ carelessness and irresponsible actions are harming their organisation.
Address the threat
Training employees provides them with the knowledge and confidence needed to deal with threats appropriately.
Staff awareness training can help tackle insider threats by making sure that staff with access to sensitive data have the correct knowledge and understanding of information security, and are aware of the consequences and risks.
E-learning courses are a convenient way of delivering flexible and efficient staff awareness training with minimal disruption. Course topics include phishing, ISO 27001 and information security.