Employees To Blame For 70% Of Corporate Data Breaches

Uploaded on 2023-06-26 in NEWS-News Analysis, JOBS-Education & Training, FREE TO VIEW

Security leaders in UK companies believe that their organisation’s employees are continually exposing sensitive data to the risk of a breach, yet are neglecting to take the necessary steps to control the risks. 

This is according to annual research carried out by Apricorn, a leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives. Apricorn found that 70% of corporate breaches are a direct result of employee error or malicious intent. 

Of the security decision makers surveyed, 22% said employees unintentionally putting data at risk had been the main cause of a data breach at their organisation, with staff being caught out by phishing emails close behind at 21%. 

Remote workers specifically had been the catalyst at 26% of organisations, up from 21% in 2022. 

  • 20% said employees with malicious intent had been behind a breach at their company, a rise from 10% last year.
  • Third parties mishandling corporate information had caused a breach at 21%, up from 12%, highlighting the increasing need for tighter security in the supply chain.  
  • 48% of respondents admitted that their company’s mobile or remote workers have knowingly exposed data to a breach over the last year, a rise from 29% in 2022, while 46% stated that their remote workers “don’t care” about security, up from 17% the previous year.  

This trend was echoed when the respondents were asked about the main problems they faced with implementing a cyber security plan for remote and mobile working. 

  • The biggest issue, which 28% are struggling with, is lack of awareness among employees of the risks to data when working away from the office.
  • Also high on the list is the fact that staff who are aware of security risks will still take action that results in data being exposed or lost (23%).  

"Our research indicates businesses don’t trust their employees to live up to their responsibilities around protecting data. This is particularly the case when they’re working remotely... There appears to be a lack of buy-in, and in some cases a blatant disregard of the need to follow cyber security policies, perhaps as a result of employees becoming too relaxed over security" Jon Fielding, Apricorn’s managing director EMEA, commented

Despite awareness of the ‘insider threat’, companies are not applying the policy and technology measures necessary to prevent data being compromised, in particular when it comes to BYOD. 

  • Of those that allow employees to use their own IT equipment remotely, only 14% manage the risk by controlling access to systems and data using software, a drop from 41% in 2022. 
  • Nearly a quarter (24%) require employees to receive approval to use their own devices, but do not apply any controls, while 17% don’t require approval or apply any controls, a rise from 8% last year. 15% only allow corporate IT provisioned devices to be used but have no way of enforcing this.  

The employee technology platform is moving further and further away from the organisation, especially where people are using their own kit. 

“While creating a great employee experience is important, and the flexibility and productivity gains are undeniable, it’s essential that security teams now pull on the reins and apply comprehensive measures to protect data. Without these, the situation is a ticking time bomb... Organisations must rebuild a culture that ensures everyone has a security-first mindset, wherever they’re working." Fielding said.

You Might Also Read: 

Human Error Is A Hacker's Dream:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Canada Challenges Meta Over Access To News
How Does Your Board Measure Cyber Resilience? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Exodus Intelligence

Exodus Intelligence

Exodus Intelligence are an industry leading provider of exclusive zero-day vulnerability intelligence, exploits, defensive guidance, and vulnerability research trends.

Skybox Security

Skybox Security

Skybox combines firewall and network device data with vulnerability and threat intelligence, putting security decisions in your unique network context.

Forcepoint

Forcepoint

Forcepoint provide a unified, cloud-centric platform that safeguards users, networks and data while eliminating the inefficiencies of managing multiple point security products.

Cybonet

Cybonet

Cybonet is committed to empowering organizations of all sizes with the tools and capabilities to detect and engage cyber security threats.

Upstream Security

Upstream Security

Upstream Security is the first cloud-based cyber-security solution that protects the technologies and applications of connected and autonomous vehicles.

CyberGuarded

CyberGuarded

CyberGuarded are an accredited vendor independent information security testing and auditing company.

National Cyber Security Centre (NCSC) - Switzerland

National Cyber Security Centre (NCSC) - Switzerland

The National Cyber Security Centre is Swizerland's competence centre for cybersecurity and the first contact point for businesses, public administrations, and the public for cyber issues.

FTAPI Software

FTAPI Software

FTAPI SecuTransfer is a software solution for end-to-end encrypted data exchange of large and sensitive data with customers and partners.

Threatspan

Threatspan

Threatspan is a cybersecurity firm helping shipping and maritime enterprises achieve and maintain nautical resilience in an age of increasing cyber threats.

Baker Donelson

Baker Donelson

Baker Donelson is a law firm with a team of more than 700 attorneys and advisors representing more than 30 practice areas including Data Protection, Privacy and Cybersecurity.

QNu Labs

QNu Labs

QNu Labs’s quantum-safe cryptography products and solutions assure unconditional security of critical data on the internet and cloud across all industry verticals, globally.

Drip7

Drip7

Drip7 is a micro-learning platform that is re-inventing the way companies train their employees and build lasting cultural change around the importance of cybersecurity.

Netgo

Netgo

Netgo group meet the requirements of a complex, digitized world with IT consulting, IT solutions & services, managed & cloud services and software products & development.

NAK Consulting Services

NAK Consulting Services

NAK is helping organisations to create Secure, Agile IT Environments. Our goal is to be the trusted advisor and managed service partner for our clients.

Rhodian Group

Rhodian Group

Rhodian Group (formerly Adar) specialize in providing Technology, Cybersecurity, and Compliance services to the insurance industry.

MiC Talent Solutions

MiC Talent Solutions

MiC Talent Solutions provides recruiting, direct hire, augmented staff, and professional service contracting solutions for organizations searching for minority cybersecurity talent.