CEOs looking to place blame for the data breach problem don’t have to look far. It's their own employees, judging by the Insider Data Breach survey 2019, a study commissioned by Egress and conducted by Opinion Matters.
“Employee-driven accidental data breaches are becoming more prevalent every day,” the study states. For instance, 27% of respondents have clicked on a phishing link an 12% have shared data in responded to a spear-phishing email
Not that the employees believe they are to blame. Of the IT leaders polled, 70% say employees have put sensitive company data at risk accidentally in the last 12 months. But 92% of employees say they have not accidentally broken company policy when sharing information.
And 91% say they have not intentionally broken company policy, although 61% of the IT leaders believe employees have put sensitive company data at risk maliciously.
More alarmingly, 30% of the insider breaches have been caused by employees stealing data to harm the company, with 28% doing this for financial gain, IT insiders say.
From the employee perspective, 55% who have shared data intentionally claim they didn’t have the security tools they need. And 23% who shared data intentionally say they took information when they left the company. In addition, 13% leaked data as an act of defiance because they were upset at the organization.
And consider these attitudes:
Of course, 61% blame employees for rushing and making mistakes, 44% cite lack of wariness and 36% attribute breaches to insufficient training.
Whatever the cause, data breaches cause the following of types of harm:
And here’s a prediction: 60% of IT leaders believe their firms will have a data breach in the next 12 months.
Egress commissioned independent research company Opinion Matters, which surveyed 252 U.S. and 253 UK-based IT leaders — i.e., CIOs, CTOs, CISOs n IT directors. In addition, it polled 2004 U.S. and 2003 UK-based employees.