Employee negligence is major source of insider threats
Multitasking and working long hours, can result in employee negligence which leads to insider threats and costs companies millions of dollars each year.
A new survey of IT and security practitioners in the US and Germany carried out by the Ponemon Institute for cyber security company Raytheon|Websense reveals that employee negligence can cost a US company as much as $1.5 million and Germany companies €1.6 million in time wasted responding to security incidents caused by human error.
Although there are similarities in how US and German organizations perceive insider threats, there are also clear cultural differences in the causes of unintentional insider risk. German respondents are more likely to agree that their organizations don't have the necessary safeguards in place to protect against careless employees (54 percent). US respondents reported that employees are not properly trained to follow data security policies (60 percent) and that senior executives don’t consider data security a priority (50 percent).
"Maliciousness is tagged as the leading cause in insider threat discussions, but the impact of negligence cannot be overlooked," says Ed Hammersla, president of Raytheon|Websense. "As the Ponemon study reveals, security incidents are caused by negligence which leads to a decrease in IT productivity. Workplace stress, multitasking, long hours and a lack of resources and budget are the biggest contributors to employee negligence. Having programs in place that include a mixture of training, policy and technology are vital to addressing insider threats before they become a major issue".
Other findings include employee negligence diminishing the productivity of the IT function according to 73 percent of US respondents and 67 percent of those in Germany. Multitaskers are more likely to be careless or negligent according to 79 percent in the US and 81 percent in Germany.
The Germans are more likely to limit practices that can create unintentional risk (55 percent), while their American counterparts prefer to monitor employees' behavior (63 percent). In both the US and Germany, IT security practitioners spend an average of almost three hours each day dealing with the security risks caused by employee mistakes or negligence. Both German and US respondents report that it's ordinary users, contractors or third-parties who pose the biggest threat to security.
The full survey results can be downloaded from the Raytheon|Websense site.