A survey from Egress has found that 97% of IT Executives are concerned that company data could be at risk from inside breaches stemming from its own employees. The second annual survey by Egress interviewed 500 IT leaders and 5000 employees across the UK, US and Benelux regions.
Egress‘s “Insider Data Breach Survey 2020”, which was overseen by the insight agency, Opinion Matters, revealed 78% of IT heads believe their company’s data had been made accidentally vulnerable by its staff over the past year, with 75% thinking employees had purposefully breached data over the same time period.
Just half of IT leaders said they are using anti-virus software to combat phishing attacks, 48% are using email encryption and 47% provide secure collaboration tools. 58% say employee reporting is more likely than any breach detection system to alert them to an insider data breach.
Egress CEO, Tony Pepper, believes the findings show IT leaders don’t have adequate risk management in place saying “While they acknowledge the sustained risk of insider data breaches, bizarrely IT leaders have not adopted new strategies or technologies to mitigate the risk. Effectively, they are adopting a risk posture in which at least one-third of employees putting data at risk is deemed acceptable.”
41% of employees who had accidentally leaked data said they had done so because of a phishing email. 31% said they caused a breach by emailing the wrong person. 45% said they had received an outlook recall message or an email asking them to disregard an email sent in error over the last year.
29% of respondents said they or a colleague had intentionally shared data against company policy in the past year. 46% said they or a colleague had broken company policy when they took data with them to a new job, while more than a quarter said they had taken a risk when sharing data because they weren’t provided with the right security tools.
41% of the employees surveyed don’t believe that data belongs exclusively to the organisation and only 37% recognise that everyone has responsibility for keeping data safe.
Tony Pepper commented, “Employees want to own the data they create and work on, but don’t want the responsibility for keeping it safe. This is a toxic combination for data protection efforts. When you add their propensity to take data with them when they change jobs and willingness to take risks when sharing data, the scale of the challenge faced by security professionals is alarming.”
According to the survey data, the more senior the employee, the more cavalier their attitude towards data breaches. 78% of directors have intentionally shared data against company policy in the past year, compared with just 10% of clerical staff.