An independent research organization, Opinion Matters, surveyed more than 250 U.S. and U.K.-based IT CIOs, CTOs, CISOs, and IT directors, as well as more than 2000 U.S. and U.K-based employees.
The survey's purpose was, given most data breaches are human error, to look at the "root causes of employee-driven data breaches, their frequency, and impact."
The result? There is a "significant chasm between IT leaders and employees over data security and ownership." This chasm undermines "any attempts to stem the growing tide of insider breach incidents." Employees, basically, are "either unaware of, or unwilling to admit, their responsibility."
Here are some key findings of the survey:
Employees have put company data at risk accidentally in the last 12 months (according to 79 percent of IT leaders).
Employees did so maliciously (according to 61 percent of IT leaders) to: a) harm the organization (30 percent of IT leaders) or b) for financial gain (28 percent of IT leaders).
An insider breach will occur in the next 12 months (60 percent of IT leaders), and 46 percent of IT leaders believe it will be malicious.
On the other hand, employees (92 percent) reported they have not "accidentally broken company data sharing policy in the last 12 months" and 91 percent state "they haven't done so intentionally."
"23 [percent] of employees who intentionally shared company data took it with them to a new job", and 29 percent of employees "believed they have ownership of the data they have worked on."
Fifty-five percent of employees who "intentionally shared data against company rules said their organization didn't provide them with the tools needed to share sensitive information securely."
IT leaders identified these root causes insider breaches:
· Employee carelessness - rushing and making mistakes through (60 percent
· General employee lack of awareness (44 percent) and
· Lack of training of employees on the company's security tools (36 percent).
"From the employee perspective, of those who had accidentally shared data, almost half (48 percent) said they had been rushing; 30 percent blamed a high-pressure working environment; and 29 percent said it happened because they were tired." Common errors include accidentally sending data to the wrong person (45 percent) or being caught by a phishing email (27 percent)."
More than a third of employees (35 percent) said they "were simply unaware that information should not be shared." Sixty percent of employees did not know that the organization is the exclusive owner of the organization's data. 61% of CIOs believe employees leak data maliciously" https://datacentrenews.eu (Mar. 26, 2019).
So, the question for our readers is: Do employees leak employer data maliciously?
Please let us know what you think in the comment section or take the poll. Here are some opinions of some of the McCalmon editorial staff:
Jack McCalmon, Esq.
I have my doubts that 61 percent of employees maliciously put their employers' data at risk in order to harm their organizations. I do believe that workplace participant carelessness is the primary cause of breaches and perhaps that rises to the level of extreme and wanton neglect that may appear malicious. Of course, there are some employees who intend to harm a system, but the vast majority of employees would not know where to start that process. With that written, training is key to combat employee neglect, including training on phishing, spam, and malware prevention, as well as password, Wi-Fi, and device security.
Leslie Zieren, Esq.
The results certainly highlight the topics to be covered by employers in training. Employees must be educated that projects (and the underlying data) they work on belong to the employer, not to them. The harms to the organization, their livelihood, and perhaps to their personal wallets that result from failing to keep proprietary information confidential must be explained in detail.
You can provide a comment on what you would do or answer our poll. Please note any comments provided may be shared with others.