Employees To Blame For 70% Of Corporate Data Breaches

Security leaders in UK companies believe that their organisation’s employees are continually exposing sensitive data to the risk of a breach, yet are neglecting to take the necessary steps to control the risks. 

This is according to annual research carried out by Apricorn, a leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives. Apricorn found that 70% of corporate breaches are a direct result of employee error or malicious intent. 

Of the security decision makers surveyed, 22% said employees unintentionally putting data at risk had been the main cause of a data breach at their organisation, with staff being caught out by phishing emails close behind at 21%. 

Remote workers specifically had been the catalyst at 26% of organisations, up from 21% in 2022. 

  • 20% said employees with malicious intent had been behind a breach at their company, a rise from 10% last year.
  • Third parties mishandling corporate information had caused a breach at 21%, up from 12%, highlighting the increasing need for tighter security in the supply chain.  
  • 48% of respondents admitted that their company’s mobile or remote workers have knowingly exposed data to a breach over the last year, a rise from 29% in 2022, while 46% stated that their remote workers “don’t care” about security, up from 17% the previous year.  

This trend was echoed when the respondents were asked about the main problems they faced with implementing a cyber security plan for remote and mobile working. 

  • The biggest issue, which 28% are struggling with, is lack of awareness among employees of the risks to data when working away from the office.
  • Also high on the list is the fact that staff who are aware of security risks will still take action that results in data being exposed or lost (23%).  

"Our research indicates businesses don’t trust their employees to live up to their responsibilities around protecting data. This is particularly the case when they’re working remotely... There appears to be a lack of buy-in, and in some cases a blatant disregard of the need to follow cyber security policies, perhaps as a result of employees becoming too relaxed over security," Jon Fielding, Apricorn’s managing director EMEA, commented.

Despite awareness of the ‘insider threat’, companies are not applying the policy and technology measures necessary to prevent data being compromised, in particular when it comes to BYOD. 

  • Of those that allow employees to use their own IT equipment remotely, only 14% manage the risk by controlling access to systems and data using software, a drop from 41% in 2022. 
  • Nearly a quarter (24%) require employees to receive approval to use their own devices, but do not apply any controls, while 17% don’t require approval or apply any controls, a rise from 8% last year. 15% only allow corporate IT provisioned devices to be used but have no way of enforcing this.  

The employee technology platform is moving further and further away from the organisation, especially where people are using their own kit. 

“While creating a great employee experience is important, and the flexibility and productivity gains are undeniable, it’s essential that security teams now pull on the reins and apply comprehensive measures to protect data. Without these, the situation is a ticking time bomb... Organisations must rebuild a culture that ensures everyone has a security-first mindset, wherever they’re working,” Fielding said.
