This finding from Egress‘s Insider Data Breach Survey 2020, conducted by Opinion Matters, spelled a lack of reassurance for decision makers regarding insider breaches over the past 12 months.
Also, 78% of IT leaders surveyed said that employees have put data at risk accidentally within the last year, while 75% say that intentional compromise of data security has occurred.
While the former statistic has remained stable since 2019, the latter saw a 14% jump.
In the UK, 63% declared intentional data security compromise, while 68% said this was accidental. This contrasted with leaders in the Benelux region, 89% of whom said that data was put at risk intentionally, and 91% accidentally.
Egress CEO, Tony Pepper, said: “While they acknowledge the sustained risk of insider data breaches, bizarrely, IT leaders have not adopted new strategies or technologies to mitigate the risk.
Real-time data and cyber security: key to mitigating the risk
“Effectively, they are adopting a risk posture in which at least one-third of employees putting data at risk is deemed acceptable.
“The severe penalties for data breaches mean IT leaders must action better risk management strategies, using advanced tools to prevent insider data breaches.
“They also need better visibility of risk vectors; relying on employees to report incidents is not an acceptable data protection strategy.”
The most common cause of company data risk, according to leaders, is the sharing of data to personal devices.
In regards to challenges, two proportions of 24% said a lack of employee security training, and a lack of effective security systems respectively, were to blame.
23%, meanwhile, blamed a lack of awareness, and 21% said that insider breaches were mainly caused by employees rushing tasks.
In terms of what kinds of cyber attacks were causing breaches over the past year, 41% cited phishing attacks over email, while 31% said that employees had sent information to the wrong person.
What are the newest cyber attacks to look out for?
“Incidents of people accidentally sharing data with incorrect recipients have existed for as long as they’ve had access to email,” Pepper continued. “As a fundamental communication tool, organisations and security teams have weighed the advantages of efficiency against data security considerations, and frequently compromise on the latter.
“However, we are in an unprecedented time of technological development, where tools built using contextual machine learning can combat common issues, such as misdirected emails, the wrong attachments being added to communications, auto-complete mistakes, and employees not using encryption tools correctly.
“Organisations need to tune into these advances to truly be able to make email safe.”
528 IT directors, CIOs, CTOs and CISOs from companies with 100 employees or more took part in Egress’s study.