A new research report has highlighted a fundamental gulf between IT leaders and employees over data security and ownership that is undermining attempts to stem the growing tide of insider breach incidents.
Data and behaviour
The results come from the first Insider Data Breach survey undertaken by data security company Egress, which examines the root causes of employee-driven data breaches, their frequency and impact. The research was carried out by independent research organisation Opinion Matters and incorporated the views of over 250 US and UK-based IT leaders and over 2000 US and UK-based employees. The survey also explored how employees and executives differ in their views of what constitutes a data breach and what is acceptable behaviour when sharing data. Key research findings show 79 per cent of IT leaders believe that employees have put company data at risk accidentally in the last 12 months, while 61 per cent believe they have done so maliciously. Almost a third of IT leaders (30 per cent) believe that data is being leaked to harm the organization, with 28 per cent believe that employees leak data for financial gain. Significantly, 92 per cent of employees say they haven’t accidentally broken company data sharing policy in the last 12 months, and 91 per cent say they haven’t done so intentionally. There is concern by IT leaders (60 per cent) that their organizations will suffer an accidental insider breach in the next 12 months, with 46 per cent believing they will suffer a malicious insider breach. There is 23 per cent of employees who intentionally shared company data took it with them to a new job, with 29 per cent of employees believe they have ownership of the data they have worked on. Over half of employees (55 per cent) intentionally sharing data against company rules said their organisation didn’t provide them with the tools needed to share sensitive information securely.
Careless and unaware
Researchers say the survey results highlight a perception gap between IT leaders and employees over the likelihood of insider breaches. This is a major challenge for businesses: insider data breaches are viewed as frequent and damaging occurrences, of concern to 95 per cent of IT leaders, yet the vectors for those breaches - employees - are either unaware of, or unwilling to admit, their responsibility. Carelessness and a lack of awareness are root causes of insider breaches. Tony Pepper, ceo and co-founder, Egress, comments “as the quantity of unstructured data and variety of ways to share it continue to grow exponentially, the number of insider breaches will keep rising unless the gulf between IT leaders and employee perceptions of data protection is closed. Employees don’t understand what constitutes acceptable behaviour around data sharing and are not confident that they have the tools to work effectively with sensitive information. The results of this research show that reducing the risk of insider breaches requires a multi-faceted approach combining user education, policies and technology to support users to work safely and responsibly with company data.” The full Egress Insider Data Breach survey 2019 can be found here.