Sunday, December 20, 2015

Survey Finds Employees the Leading Cause of Data Breaches

A new cybersecurity survey by the Association of Corporate Counsel, released on December 9, found employees to be responsible for most data breaches.  According to responses from more than 1,000 in-house lawyers in 30 countries, 60% of data breaches can be attributed to employees in the following ways:  employee error, such as in sending an errant email (24%); inside job (15%); phishing (12%); and lost laptop/device (9%).  Other identified causes of breaches were access through a third party (12%); application vulnerability (7%); malware (7%); ransomware (1%); and operating system vulnerability (<1%).  Even though most breaches are caused by employees, the survey also found that fewer than half of the companies involved provide mandatory data security training to employees, and even fewer track or test employee knowledge.

These findings are thoroughly consistent with earlier ones reported in this blog over the years, including, most recently, "Single Biggest IT Security Threat Remains Employees" (April 30, 2015).  Sadly, it appears that companies will continue failing to train and test employees in data security until legally compelled to do so, even if it is manifestly in their own interest.  Furthermore, it will be another two years before companies doing business in Europe will be required to demonstrate their accountability in this area.

