Employees To Blame For 70% Of Corporate Data Breaches

Security leaders in UK companies believe that their organisation’s employees are continually exposing sensitive data to the risk of a breach, yet are neglecting to take the necessary steps to control the risks. 

This is according to annual research carried out by Apricorn, a leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives. Apricorn found that 70% of corporate breaches are a direct result of employee error or malicious intent. 

Of the security decision makers surveyed, 22% said employees unintentionally putting data at risk had been the main cause of a data breach at their organisation, with staff being caught out by phishing emails close behind at 21%. 

Remote workers specifically had been the catalyst at 26% of organisations, up from 21% in 2022. 

  • 20% said employees with malicious intent had been behind a breach at their company, a rise from 10% last year.
  • Third parties mishandling corporate information had caused a breach at 21%, up from 12%, highlighting the increasing need for tighter security in the supply chain.  
  • 48% of respondents admitted that their company’s mobile or remote workers have knowingly exposed data to a breach over the last year, a rise from 29% in 2022, while 46% stated that their remote workers “don’t care” about security, up from 17% the previous year.  

This trend was echoed when the respondents were asked about the main problems they faced with implementing a cyber security plan for remote and mobile working. 

  • The biggest issue, which 28% are struggling with, is lack of awareness among employees of the risks to data when working away from the office.
  • Also high on the list is the fact that staff who are aware of security risks will still take action that results in data being exposed or lost (23%).  

"Our research indicates businesses don’t trust their employees to live up to their responsibilities around protecting data. This is particularly the case when they’re working remotely... There appears to be a lack of buy-in, and in some cases a blatant disregard of the need to follow cyber security policies, perhaps as a result of employees becoming too relaxed over security" Jon Fielding, Apricorn’s managing director EMEA, commented

Despite awareness of the ‘insider threat’, companies are not applying the policy and technology measures necessary to prevent data being compromised, in particular when it comes to BYOD. 

  • Of those that allow employees to use their own IT equipment remotely, only 14% manage the risk by controlling access to systems and data using software, a drop from 41% in 2022. 
  • Nearly a quarter (24%) require employees to receive approval to use their own devices, but do not apply any controls, while 17% don’t require approval or apply any controls, a rise from 8% last year. 15% only allow corporate IT provisioned devices to be used but have no way of enforcing this.  

The employee technology platform is moving further and further away from the organisation, especially where people are using their own kit. 

“While creating a great employee experience is important, and the flexibility and productivity gains are undeniable, it’s essential that security teams now pull on the reins and apply comprehensive measures to protect data. Without these, the situation is a ticking time bomb... Organisations must rebuild a culture that ensures everyone has a security-first mindset, wherever they’re working." Fielding said.

You Might Also Read: 

Human Error Is A Hacker's Dream:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Canada Challenges Meta Over Access To News
How Does Your Board Measure Cyber Resilience? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

L3Harris United Kingdom

L3Harris United Kingdom

L3Harris UK (formerly L3 TRL Technology) designs and delivers advanced electronic warfare and cyber security solutions for the protection of people, infrastructure and assets.

Business Intelligence Associates (BIA)

Business Intelligence Associates (BIA)

BIA's TotalDiscovery is a defensible and cost-effective corporate preservation and legal compliance software solution.

InfoWatch

InfoWatch

InfoWatch solutions allow you to protect data and information assets that are critically important to your business.

Sparta Consulting

Sparta Consulting

Sparta Consulting is an information management and business development full service provider.

SecureMe2

SecureMe2

SecureMe2 ‘s mission is to make organizations more responsive to digital threats by deploying smart technology in a highly accessible way.

Abnormal Security

Abnormal Security

Abnormal is an API-based email security platform providing protection against the entire spectrum of targeted email attacks.

Commonwealth Cyber Initiative (CCI)

Commonwealth Cyber Initiative (CCI)

The Commonwealth Cyber Initiative is establishing Virginia as a global center of excellence at the intersection of security, autonomous systems, and data.

Motiv ICT Security

Motiv ICT Security

Motiv is the ICT security specialist that provides public and private sector organisations with IT security solutions and services to prevent cybercrime, data theft and data breaches.

Nisos

Nisos

Nisos provides unrivaled protection of your reputation and assets through the practice of Active Defense.

CertiProf

CertiProf

CertiProf has been enhancing professional lives since 2015, offering a wide range of IT certifications and agile framework training.

Apex Systems

Apex Systems

Apex Systems is a world-class technology services business that incorporates industry insights and experience to deliver solutions that fulfill our clients’ digital visions.

Valeo Nertworks

Valeo Nertworks

Valeo Nertworks is a full-service Managed Security Service Provider (MSSP). We partner with organizations to remove the burden of technology so that they can focus on growing their business.

Epic Machines

Epic Machines

Epic Machines is a Value Added Reseller and Managed Security Services provider offering Security Transformation using Cloud-native solutions to commercial and government markets.

Diversified Technical Services Inc. (DTSI)

Diversified Technical Services Inc. (DTSI)

DTSI provides a wide range of technology solutions for Federal Agencies, the Department of Defense, and commerical organizations with capabilities including Cyber Security and DevSecOps.

Oasis Security

Oasis Security

Oasis is the market leading platform for non-human identity management. Our mission is to fortify cybersecurity defenses by enabling enterprises to efficiently secure non-human identities.

SECTA5

SECTA5

SECTA5 is a cybersecurity company building a next-generation Continuous Threat and Exposure Management platform, leveraging the expertise of offensively trained cyber defenders.