IT professionals apparently go home at night with one worry on their minds: Inside data breaches.
A full 97% say insider breaches are a major fear, according to a study by Opinion Matters
commissioned by security firm Egress.
In addition, 78% think employees have accidentally put data at risk in the last 12 months. And 75% believe employees have put data at risk
intentionally.
However, 58% say employee reporting is more likely than breach detection systems to alert them to insider breaches.
Only 50% of IT leaders say are using anti-virus
software to combat phishing attacks, and 48% are using email encryption and 47% provide secure collaboration tools.
The possible damages include financial loss, according to 41%, in part
because of privacy regulations of more stringent data privacy regulations like the California Consumer Privacy Act.
Some problems result from employee misconceptions about data ownership.
Of the employees polled, 29% say they or a colleague had intentionally shared data in the past year—against company policy.
In addition, 46% believe they or a colleague had
broken company policy when they took data with them to a new job. And 26%) agree they took a risk when sharing data because they weren’t provided with the right security tools.
Directors are the most likely to take data to a new job — 68% of those who had intentionally broken company policy had done so, versus the overall average o 46%.
“While
they acknowledge the sustained risk of insider data breaches, bizarrely IT leaders have not adopted new strategies or technologies to mitigate the risk,” states Egress CEO Tony Pepper.
Pepper adds: “Effectively, they are adopting a risk posture in which at least one-third of employees putting data at risk is deemed acceptable."
Opinion Matters surveyed over
500 IT leaders and 5,000 employees in the UK, U.S. and Benelux countries.