Employees Cause Many Data Breaches, Study Says

CEOs looking to place blame for the data breach problem don’t have to look far. It's their own employees, judging by the Insider Data Breach survey 2019, a study commissioned by Egress and conducted by Opinion Matters.

“Employee-driven accidental data breaches are becoming more prevalent every day,” the study states. For instance, 27% of respondents have clicked on a phishing link an 12% have shared data in responded to a spear-phishing email

Not that the employees believe they are to blame. Of the IT leaders polled, 70% say employees have put sensitive company data at risk accidentally in the last 12 months. But 92% of employees say they have not accidentally broken company policy when sharing information.

And 91% say they have not intentionally broken company policy, although 61% of the IT leaders believe employees have put sensitive company data at risk maliciously.

More alarmingly, 30% of the insider breaches have been caused by employees stealing data to harm the company, with 28% doing this for financial gain, IT insiders say.

From the employee perspective, 55% who have shared data intentionally claim they didn’t have the security tools they need. And 23% who shared data intentionally say they took information when they left the company. In addition, 13% leaked data as an act of defiance because they were upset at the organization.

And consider these attitudes:

  • 60% of employees don’t believe the company has exclusive ownership of data 
  • 32% of employees would consider taking company information to a new job
  • 29% of employees believe they own data they worked on. 

Of course, 61% blame employees for rushing and making mistakes, 44% cite lack of wariness and 36% attribute breaches to insufficient training. 

Whatever the cause, data breaches cause the following of types of harm:

  • Reputational damage — 38% 
  • Financial impact — 27% 
  • Leaked IP — 18%
  • Customer churn —1 2% 
  • None of the above — 5% 

And here’s a prediction: 60% of IT leaders believe their firms will have a data breach in the next 12 months.

Egress commissioned independent research company Opinion Matters, which surveyed 252 U.S. and 253 UK-based IT leaders — i.e., CIOs, CTOs, CISOs n IT directors. In addition, it polled 2004 U.S. and 2003 UK-based employees.

Next story loading loading..