Organizations protect critical assets and sensitive information from the outside world by continually updating their security controls and policies. However, the origin of a breach is not always outside of the organization, and recently, insider breaches have gained attention amid an increase in the flexibility of tools for information sharing.
Insider threats can be accidental or intentional, but the impact of insider breaches remain the same. Negligence at the organization regarding data privacy requirements and compliance can cause catastrophic data loss. To implement effective mitigation measures, employees must be aware of their responsibility towards the usage and sharing of data. With recent changes in data protection and privacy laws, various companies have seen a significant impact on their current security practices and controls.
Insider data threats are increasing more than ever before, and these threats are a major concern when it comes to risk management for companies. The Egress 2020 Insider Data Breach Survey identifies the challenges from the viewpoint of IT leaders and compares them with the perspective of employees regarding data protection and their responsibility.
In the previous year’s report, IT leaders showed rising concerns for the risk of insider data breaches. However, employees denied that they have caused such violations. This indicates that there is a gap between employees and IT leaders in the ways that they perceive responsibility and ownership of the company’s data. The report for 2020 inspects the development of the effective mitigating approaches that companies have taken to manage insider breach risk. Another difference of this year’s report is the broader perspective on these breaches based on different regions along with the evolved questionnaire.
Survey Key Findings from the Insider Data Breach Survey
In this survey, 97% of IT leaders acknowledged the concerns regarding the insider breach risk for their organization. This indicates rising concerns in organizations, as this number increased by 2% from 2019. According to IT leaders, 78% of employees put data at risk accidentally in the last 12 months, while 71% of employees accepted that they or a colleague had inadvertently shared the organization’s information. On the other hand, 68% of employees agreed that they had not intentionally broken company policy for sharing the data, while 75% of IT leaders believed that employees had deliberately put data at risk.
Insider breaches are mainly caused by sharing data to personal systems, followed by the leaking of data to a competitor and then cybercriminals. One of the widespread reasons behind this information (and common with the employees who might not have bad intentions) is employees taking the data to a new job. Departing employees take information with them when they feel a sense of personal ownership to it.