Data breaches – Employees mainly responsible!

Most data breaches are caused by mundane events such as employees losing corporate assets, having them stolen or simply misusing them unwittingly, a Forrester Research report has found.

Forrester questioned over 7,000 IT executives and ordinary employees across Europe and North America. Here are some of the findings:

  • 31% cited simple loss or theft as the explanation for data breaches they had experienced.
  • Inadvertent misuse by an employee was at 27%.
  • External attack was mentioned in 25% of cases.
  • Abuse by malicious insiders was at 12%.

“Whether their actions are intentional or unintentional, insiders cause their fair share of breaches,” said the authors. “Other common sources of breach include loss or theft of corporate assets, such as laptops or USB drives, and external attacks that target corporate servers or users.”

Predictably, the arrival of mobile devices and the consumerisation of IT have not helped matters. Most organisations formulate policies for securing mobile devices but, paradoxically, lack enough tools to enforce them.

  • 39% worried about a lack of data leak prevention on mobile devices.
  • 50% were concerned about the consequences of old-fashioned theft.
  • 30% thought there was not sufficient separation between consumer and corporate data on mobile devices.

The most common form of mobile device security is password entry plus remote lock and wipe, with almost a quarter admitting they haven’t started using any form of data protection at all.

“It’s not simply just a matter of having the appropriate tools and controls in place. It’s worth noting that only 56% of information workers in North America and Europe say that they are aware of their organisation’s current security policies,” said the authors.

Where data was breached, personal (employee and customer) data accounted for 22% of cases reported, with intellectual property (IP) not far behind at 19% and user credentials such as logins at 11%.

Forrester’s findings probably confirm a simple maxim: data breaches are often accidental rather than malicious. What the report doesn’t speculate on is whether internal breaches are necessarily the most serious.

If you’d like to check your status in relation to Data Protection or compliance, give us a call and we can carry out an audit of your processes and procedures and give you an up-to-date report on our findings. Email us on contact’ or call +353 1 5252914.