Employees are nearly always to blame for data breaches

New research has suggested the majority of corporate data breaches (7 in 10) are actually the result of employee error, rather than sporadic cyberattacks.

A study from Apricorn has revealed one in five (22%) of business security decision-makers believed employees had unintentionally put company data at risk, with a similar figure (21%) believing that workers had fallen victim to phishing emails that resulted in the exfiltration of data.

Similarly, 20% of the security workers surveyed were under the impression that employees with malicious intent had been behind a data breach, representing a 100% growth compared with last year.

Employees putting company data at risk

Hybrid working, which quickly became the norm amidst the pandemic, has been under scrutiny lately not least by Big Tech. As more companies begin to push their return-to-office agendas, Apricorn gives them one more piece of research to cite.

“Our research indicates businesses don’t trust their employees to live up to their responsibilities around protecting data. This is particularly the case when they’re working remotely,” noted Apricon EMEA managing director Jon Fielding.

Almost half (48%) of respondents say that their company’s remote or mobile workers knowingly exposed data to a breach in the past 12 months, with almost as many (46%) not concerned about cybersecurity.

Fielding continues: “Organisations must rebuild a culture that ensures everyone has a security-first mindset, wherever they’re working.”

The flexible bring-your-own-device (BYOD) approach has been favored by some for its cost-cutting potential for businesses, but these are believed to be the worst offenders for failure to apply policies and protective measures.

An estimated 17% of companies do not require approval for workers to use their own devices, nor do they apply any controls. A further 15% only authorize corporate IT provision, but very few have an effective way to police this.

Fielding calls for an effective balance of flexibility and productivity with comprehensive cybersecurity measures, without which companies face a ticking time bomb.

Related Post