61 percent of CISOs believe employees have leaked data maliciously
A new study reveals that 79 percent of IT leaders believe that employees have put company data at risk accidentally in the last 12 months, and 61 percent believe they have done so maliciously.
The research from data security company Egress also explores how employees and executives differ in their views of what constitutes a data breach and what is acceptable behavior when sharing data.
Insider data breaches are viewed as frequent and damaging occurrences, of concern to 95 percent of IT leaders, yet employees are either unaware of, or unwilling to admit, their responsibility. IT leaders are most likely to say that employee carelessness through rushing and making mistakes is the reason for breaches (60 percent). A general lack of awareness is the second-most cited reason (44 percent), while 36 percent indicate that breaches are caused by a lack of training on the company’s security tools. More concerning is that 30 percent believe that data is being leaked to harm the organization and 28 percent say that employees leak data for financial gain.
From the employee perspective, of those who have accidentally shared data, almost half (48 percent) say they had been rushing, 30 percent blame a high-pressure working environment and 29 percent say it happened because they were tired.
The most frequently cited employee error is accidentally sending data to the wrong person (45 percent), while 28 percent have been caught out by phishing emails. Worryingly, over one-third of employees (35 percent) are simply unaware that information should not be shared,
"The results of the survey emphasize a growing disconnect between IT leaders and staff on data security, which ultimately puts everyone at risk," says Tony Pepper, CEO and co-founder of Egress. "While IT leaders seem to expect employees to put data at risk -- they're not providing the tools and training required to stop the data breach from happening. Technology needs to be part of the solution. By implementing security solutions that are easy to use and work within the daily flow of how data is shared, combined with advanced AI that prevents data from being leaked, IT leaders can move from minimizing data breaches to stopping them from happening in the first place."
Among other findings are that 24 percent of employees who share data intentionally do so when they take it with them to a new job, while 13 percent do so because they are upset with their organization. However, the majority (55 percent) say they share data insecurely because they haven’t been given the tools necessary to share it safely.
You can get the full report from the Egress website.