SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
94% of organisations experienced insider data breaches last year - Human error top cause
Wed, 14th Jul 2021

In the last year 94% of organisations experienced insider data breaches, and while human error is the top cause of severe IT breaches, malicious attacks are the biggest concern.

The new Egress Insider Data Breach Survey 2021 finds a substantial 94% of organisations experienced insider data breaches in the last year. The survey, independently conducted by Arlington Research on behalf of Egress, surveyed 500 IT leaders and 3,000 employees in the US and UK across vertical sectors, including financial services, healthcare, and legal.

According to 84% of IT leaders surveyed, human error was the top cause of most serious incidents. IT leaders, however, are more concerned about malicious insiders, with 28% indicating that intentionally malicious behaviour is their biggest fear. Despite causing the most incidents, human error was the least concerning, with just over one-fifth (21%) saying that it's their biggest worry.

The survey found almost three-quarters (74%) of organisations were breached because of employees breaking security rules, and 73% have been the victim of phishing attacks.

Some key insights from the survey include:

  • 94% of organisations have experienced an insider data breach in the last 12 months.
  • Human error is the leading cause of severe insider data breaches, with 84% of organisations experiencing a security incident caused by mistake.
  • Malicious insiders are IT leaders' biggest worry, with 28% indicating that it's their top concern.
  • Almost three-quarters (74%) of organisations have been breached because of employees breaking security rules, and 73% have suffered serious breaches caused by phishing. 
  • 97% of employees say they would report a breach, which is good news for the 55% of IT leaders who rely on employees to alert them to incidents.
  • 89% of incidents led to repercussions for the employees involved.
  • Over half (56%) of IT leaders believe that remote/hybrid working will make it harder to prevent data breaches caused by human error or phishing.
  • 61% of employees believe they are less, or equally likely, to cause a breach when working from home.

Egress says the most significant driver for change in insider risk over the last year has been the adoption of long-term remote working due to the pandemic. Over half (56%) of IT leaders believe that remote work has driven an increase in data breaches caused by human error. Employees disagree, with 61% believing that remote work makes them less likely, or equally likely, to cause a data breach.

"Insider risk is every organisation's most complex vulnerability, and it has far-reaching consequences, from ransomware attacks to loss of client trust," says Egress CEO, Tony Pepper.

“Organisations must act now to mitigate the risk posed by their people. The research highlights the importance of empowering employees to protect their employer's data. It's up to organisations to ensure that they're building a security-positive culture.

“With the right technology and strategy in place, organisations can transform their people from their biggest security vulnerability into their strongest line of defence,” he adds.