A lot of focus is made on hardening systems from outside attacks, but threats from within the company shouldn’t be ignored. Results from Egress’ Insider Data Breach Survey 2021 showed that 94% of organizations have fallen victim to insider data breaches in the last year alone.
The survey was conducted by Arlington Research on behalf of Egress and includes responses from 500 IT leaders and 3,000 employees in the US and UK. The study also focused on multiple different fields such as: financial services, healthcare, and legal.
While a staggering 84% of IT leaders surveyed reported that human error was the largest cause of these breaches, 28% still claim that intentionally malicious behavior is their number one concern. Only 21% of those surveyed reported that human error was their largest concern.
The survey also revealed that 74% of organizations suffered breaches due to employees breaking security protocols while 73% have been the result of phishing attacks. Thankfully, 97% of employees surveyed said that they would report a breach in security while 55% of IT leaders reported that they rely heavily on their employees to make them aware of threatening incidents.
Knowing this, it is unfortunate that the survey also showed that 89% of these incidents result in punishments for the employees involved, some even as serious as a dismissal from the company. On top of this, a newer aspect to the concept of data breaches is remote work which 56% of IT leaders believe will only add to the problem. This contrasts with the opinions of employees though, with over half of those surveyed (61%) believing they are less, or equally as likely, to cause a breach while working remotely. The survey also revealed that 54% of employees feel that their organization’s culture around security trusts and empowers them.
In terms of long term remote or hybrid work, the survey showed that 54% IT leaders agreed that this type of work will make it more challenging to prevent data breaches resulting from human error. With that, 50% or IT leaders believe that it will be more difficult to prevent phishing attacks in the remote format and 49% reported that they feel they will face more difficulty preventing employee misconduct.