European information security execs face major challenge from insider threats

New research shows that 35 percent of employees across the UK, France, Germany and Italy admit to have been involved in a security breach.

This presents CISOs with a significant challenge when it comes to protecting company data, particularly in light of the forthcoming European General Data Protection Regulation (GDPR) which comes into effect in early 2018.

The study from cyber security company Forcepoint surveyed over 4,000 office workers across the UK, France, Germany and Italy to better understand attitudes toward data protection and the number of insider threats, malicious and accidental, facing organizations across these countries.

The findings show worrying levels of risky behavior from employees within enterprises. It finds 14 percent of employees would jeopardize their job by selling work log-ins to an outsider, and 40 percent of those would do so for less than £200 ($250) -- 55 percent of surveyed employees in the UK say they would part with credentials for that amount.

Just under a third (29 percent) of survey respondents have purposely sent unauthorized information to a third party, while 15 percent of European staff have taken business critical information with them from one job to another with 59 percent planning to use it in their next job.

There's also a lack of awareness of how employee actions affect data security. Nearly half (43 percent) of European employees do not believe their organization is currently vulnerable to a security threat caused by insiders, while 32 percent are either unaware of or are unsure about the consequences of a data breach.

Some 22 percent either do not believe data breaches incur a cost to their employers, or are unsure, with France and the UK having the lowest levels of awareness of these costs and consequences. 39 percent of European employees say they have received no data protection training and over a quarter (27 percent) of organizations either lack security policies to prevent data loss or fail to enforce them.

There are interesting national differences too, Italians (45 percent) are most likely to be involved in a security breach, compared to just 27 percent of UK respondents. French workers (36 percent) are most likely to feel that their organization is vulnerable to security threats from hijacked systems, rogue insiders, stolen credentials or negligent end users, more than those in Italy (33 percent) and the UK (22 percent), and more than twice as likely as German employees (15 percent);

"Research has consistently shown that breaches caused by employees are among the most damaging around in terms of their financial and reputational impact," says Mike Smart, product and solutions director at Forcepoint. "Organizations that ignore the potential security risks that can be caused by employees and other insiders miss an opportunity to strengthen their security posture and protect their companies more broadly."

You can read more of the findings in the full report on the Forcepoint website and there's a summary of the findings as an infographic below.

Image Credit: Andrea Danti/Shutterstock