Employees To Blame For 70% Of Corporate Data Breaches

Uploaded on 2023-06-26 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW

Security leaders in UK companies believe that their organisation’s employees are continually exposing sensitive data to the risk of a breach, yet are neglecting to take the necessary steps to control the risks. 

This is according to annual research carried out by Apricorn, a leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives. Apricorn found that 70% of corporate breaches are a direct result of employee error or malicious intent. 

Of the security decision makers surveyed, 22% said employees unintentionally putting data at risk had been the main cause of a data breach at their organisation, with staff being caught out by phishing emails close behind at 21%. 

Remote workers specifically had been the catalyst at 26% of organisations, up from 21% in 2022. 

  • 20% said employees with malicious intent had been behind a breach at their company, a rise from 10% last year.
  • Third parties mishandling corporate information had caused a breach at 21%, up from 12%, highlighting the increasing need for tighter security in the supply chain.  
  • 48% of respondents admitted that their company’s mobile or remote workers have knowingly exposed data to a breach over the last year, a rise from 29% in 2022, while 46% stated that their remote workers “don’t care” about security, up from 17% the previous year.  

This trend was echoed when the respondents were asked about the main problems they faced with implementing a cyber security plan for remote and mobile working. 

  • The biggest issue, which 28% are struggling with, is lack of awareness among employees of the risks to data when working away from the office.
  • Also high on the list is the fact that staff who are aware of security risks will still take action that results in data being exposed or lost (23%).  

"Our research indicates businesses don’t trust their employees to live up to their responsibilities around protecting data. This is particularly the case when they’re working remotely... There appears to be a lack of buy-in, and in some cases a blatant disregard of the need to follow cyber security policies, perhaps as a result of employees becoming too relaxed over security" Jon Fielding, Apricorn’s managing director EMEA, commented

Despite awareness of the ‘insider threat’, companies are not applying the policy and technology measures necessary to prevent data being compromised, in particular when it comes to BYOD. 

  • Of those that allow employees to use their own IT equipment remotely, only 14% manage the risk by controlling access to systems and data using software, a drop from 41% in 2022. 
  • Nearly a quarter (24%) require employees to receive approval to use their own devices, but do not apply any controls, while 17% don’t require approval or apply any controls, a rise from 8% last year. 15% only allow corporate IT provisioned devices to be used but have no way of enforcing this.  

The employee technology platform is moving further and further away from the organisation, especially where people are using their own kit. 

“While creating a great employee experience is important, and the flexibility and productivity gains are undeniable, it’s essential that security teams now pull on the reins and apply comprehensive measures to protect data. Without these, the situation is a ticking time bomb... Organisations must rebuild a culture that ensures everyone has a security-first mindset, wherever they’re working." Fielding said.

You Might Also Read: 

Human Error Is A Hacker's Dream:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Canada Challenges Meta Over Access To News
How Does Your Board Measure Cyber Resilience? »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Senetas

Senetas

Senetas is a leading developer and manufacturer of certified high-assurance encryption solutions, dedicated to protecting network transmitted data without compromising performance.

Cyber Exec

Cyber Exec

Cyber Exec is an executive search firm dedicated to global talent acquisition in Cyber Security, Information Technology, Defense...

TraceSecurity

TraceSecurity

TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions.

Waratek

Waratek

Waratek is a pioneer in the next generation of application security solutions known as Runtime Application Self-Protection or RASP.

Identifi Global Recruitment

Identifi Global Recruitment

Identifi Global is one of the UK's leading Cyber Security & IT Recruitment specialists.

Council to Secure the Digital Economy (CSDE)

Council to Secure the Digital Economy (CSDE)

CSDE brings together companies from across the ICT sector to combat increasingly sophisticated and emerging cyber threats through collaborative actions.

OffSec

OffSec

OffSec have defined the standard of excellence in penetration testing training. Elite security instructors teach our intense training scenarios and exceptional course material.

Militus

Militus

Militus provides the only information security service available that learns and analyzes your network over time using a custom-built network-based toolset.

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance is a global, non-profit industry association which is working to enable a secure connected future.

HACKNER Security Intelligence

HACKNER Security Intelligence

HACKNER Security Intelligence is an independent security consultancy delivering comprehensive security assessments across IT security, physical security, and social engineering.

Qevlar AI

Qevlar AI

Qevlar AI empowers SOC teams, to eliminate redundant tasks and refocus on what truly matters - making the most of every employee within the SecOps team.

Mediatech

Mediatech

Mediatech, specialized in managed Cybersecurity and Cloud services, a single point of contact for your company's IT and infrastructure.

Silobreaker

Silobreaker

Silobreaker is a SaaS platform that enables threat intelligence teams to produce high-quality and relevant intelligence at a faster pace.

SplxAI

SplxAI

Our mission at SplxAI is to secure and safeguard GenAI-powered conversational apps by providing advanced security and pentesting solutions, so neither your organization nor your user base get harmed.

ioSENTRIX

ioSENTRIX

ioSENTRIX offers tailored, risk-focused assessments that reduce true business risk.

Cyberdise

Cyberdise

Cyberdise is an AI-driven cybersecurity awareness solution designed for companies with complex security requirements.