March 25, 2019

Insider breaches: 61% of CIOs believe employees are maliciously leaking data

By Lucy Ingham

A study into to the root causes of insider breaches has found that 61% of IT leaders, including CIOs, CTOs and IT directors, believe that employees have maliciously put data at risk in the last 12 months.

The study, conducted by Opinion Matters for data security company Egress, also found that 79% of IT leaders believed employees had put data at risk accidentally.

However, the research, which involved input from more than 250 US and UK IT leaders and 2,000 US and UK-based employees, found that employees had a very different view of the situation.

92% of employees said they had not accidentally leaked company data, while 91% said they had not done so intentionally. This suggests that employees may be unaware of being the perpetrators of insider breaches.

Employee perception of insider breaches differs from reality

The study suggests that employees have an incorrect perception of data management that is contributing to the rate of insider breaches.

For example, 29% of employees believe they have ownership of data that they have worked on – despite this generally not being the case.

One in five of those who intentionally shared data also believed it was there right to do so.

For some, the motives were questionable, with 23% of those who intentionally shared data taking it to a new job, and 13% sharing data because they were upset with their company.

Notably, however, most did so because they felt they lacked the tools to share it securely – an issue reported by 55%.

“The results of the survey emphasise a growing disconnect between IT leaders and staff on data security, which ultimately puts everyone at risk. While IT leaders seem to expect employees to put data at risk – they’re not providing the tools and training required to stop the data breach from happening,” said Tony Pepper, CEO and co-founder of Egress.

“As the quantity of unstructured data and variety of ways to share it continue to grow exponentially, the number of insider breaches will keep rising unless the gulf between IT leaders and employee perceptions of data protection is closed. Employees don’t understand what constitutes acceptable behaviour around data sharing and are not confident that they have the tools to work effectively with sensitive information.

“The results of this research show that reducing the risk of insider breaches requires a multi-faceted approach combining user education, policies and technology to support users to work safely and responsibly with company data.”

Read more: Data privacy doesn’t mean data security — Here’s how to protect your business

Verdict deals analysis methodology

This analysis considers only announced and completed deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: