CEOs looking to place blame for the data breach problem don’t have to look far. It's their own employees, judging by the Insider Data Breach survey 2019, a study commissioned by Egress and
conducted by Opinion Matters.
“Employee-driven accidental data breaches are becoming more prevalent every day,” the study states. For instance, 27% of respondents have clicked on a
phishing link an 12% have shared data in responded to a spear-phishing email
Not that the employees believe they are to blame. Of the IT leaders polled, 70% say employees have put sensitive
company data at risk accidentally in the last 12 months. But 92% of employees say they have not accidentally broken company policy when sharing information.
And 91% say they have not
intentionally broken company policy, although 61% of the IT leaders believe employees have put sensitive company data at risk maliciously.
More alarmingly, 30% of the insider breaches have
been caused by employees stealing data to harm the company, with 28% doing this for financial gain, IT insiders say.
From the employee perspective, 55% who have shared data intentionally claim
they didn’t have the security tools they need. And 23% who shared data intentionally say they took information when they left the company. In addition, 13% leaked data as an act of defiance
because they were upset at the organization.
And consider these attitudes:
- 60% of employees don’t believe the company has exclusive ownership of data
- 32%
of employees would consider taking company information to a new job
- 29% of employees believe they own data they worked on.
Of course, 61% blame employees for rushing
and making mistakes, 44% cite lack of wariness and 36% attribute breaches to insufficient training.
Whatever the cause, data breaches cause the following of types of harm:
- Reputational damage — 38%
- Financial impact — 27%
- Leaked IP — 18%
- Customer churn —1 2%
- None of the above —
5%
And here’s a prediction: 60% of IT leaders believe their firms will have a data breach in the next 12 months.
Egress commissioned independent research company
Opinion Matters, which surveyed 252 U.S. and 253 UK-based IT leaders — i.e., CIOs, CTOs, CISOs n IT directors. In addition, it polled 2004 U.S. and 2003 UK-based employees.