A study into to the root causes of insider breaches has found that 61% of IT leaders, including CIOs, CTOs and IT directors, believe that employees have maliciously put data at risk in the last 12 months.
The study, conducted by Opinion Matters for data security company Egress, also found that 79% of IT leaders believed employees had put data at risk accidentally.
However, the research, which involved input from more than 250 US and UK IT leaders and 2,000 US and UK-based employees, found that employees had a very different view of the situation.
92% of employees said they had not accidentally leaked company data, while 91% said they had not done so intentionally. This suggests that employees may be unaware of being the perpetrators of insider breaches.
Employee perception of insider breaches differs from reality
The study suggests that employees have an incorrect perception of data management that is contributing to the rate of insider breaches.
For example, 29% of employees believe they have ownership of data that they have worked on – despite this generally not being the case.
One in five of those who intentionally shared data also believed it was there right to do so.
For some, the motives were questionable, with 23% of those who intentionally shared data taking it to a new job, and 13% sharing data because they were upset with their company.
Notably, however, most did so because they felt they lacked the tools to share it securely – an issue reported by 55%.
“The results of the survey emphasise a growing disconnect between IT leaders and staff on data security, which ultimately puts everyone at risk. While IT leaders seem to expect employees to put data at risk – they’re not providing the tools and training required to stop the data breach from happening,” said Tony Pepper, CEO and co-founder of Egress.
“As the quantity of unstructured data and variety of ways to share it continue to grow exponentially, the number of insider breaches will keep rising unless the gulf between IT leaders and employee perceptions of data protection is closed. Employees don’t understand what constitutes acceptable behaviour around data sharing and are not confident that they have the tools to work effectively with sensitive information.
“The results of this research show that reducing the risk of insider breaches requires a multi-faceted approach combining user education, policies and technology to support users to work safely and responsibly with company data.”