Insider Data Breach Survey 2020
By completing this form you are opting into emails from Secon Cyber. You can unsubscribe at any time.
The risk from employees accidentally or intentionally leaking data is significant and difficult to confront.
The world has changed. The implementation of GDPR in 2018 was just the opening act in a global transformation of data privacy laws. As companies continued to hit the headlines for noncompliance in 2019, we saw regulators such as the UK’s Information Commissioner’s Office (ICO) flex new powers by issuing intentions to fine on a scale that left the security community reeling.
Now more than ever, no one wants to be part of the security team at the next company under investigation by regulators.
Headlines frequently focus on external attacks, but the risk from employees accidentally or intentionally leaking data is significant and arguably more difficult to confront. Increasing volumes of unstructured data and a wealth of sharing tools make it easier than ever for employees to cross the company policy line and carry out actions such as taking data with them to new jobs or downloading it to personal systems to work from home.
Preventing insider breaches – whether intentional or accidental – and protecting sensitive data while still ensuring employees remain productive is a complex challenge for IT leaders (including CISOs) to solve,
Insider breach risk: the view from the top
Concerned, cynical and conscious of compliance
97% of IT leaders surveyed admitted to being concerned about insider data breaches. Up 2% from 2019, this widespread worry shows nothing has happened to reassure IT leaders in the past 12 months that this problem is going away.
This anxiety is reflected in IT leaders’ estimates of how often staff have put data at risk over the last year:
say employees have put data at risk accidentally.
say employees have put data at risk intentionally.
The proportion who believe employees have put data at risk accidentally has remained stable since 2019, but there has been a notable 14% jump in the percentage of IT leaders who think employees have deliberately put data at risk.