Be Careful! Most data breaches come from within


As a business owner, who actually like employees? They turn up late, they’re sick and they are so counter-productive with everything you do. And now, according to new research from Forrester, they are 63% of the reason why data breaches happen within your organisation.

This research indicates that only 25% of data breach cases are the work of external attackers and only 12% of them perpetrated by insiders with ill intent. That leaves a whopping 63% of the issues caused by something more mundane. As mundane as leaving your phone in a coffee shop, or misplacing corporate assets, at the local food store – why you would take assets shopping is another matter entirely though.

Physical theft of items like laptops and smartphones is part of the 63% as well, as is – the clever term – “inadvertent misuse” of company privileges and equipment.

Worrying, isn’t it? However, more worryingly, employees know little of security policies in place and that is resulting in this incredible high figure.

Researcher Heidi Shey said in her report: “It’s not simply just a matter of having the appropriate tools and controls in place. It’s worth noting that only 56 percent of information workers in North America and Europe say that they are aware of their organisation’s current security policies.”

Where are these security policies hiding? A constant theme running though risk of privacy and data breaches, is the lack of knowing. Understanding plays a great deal in securing data and privacy.

The victims of these breaches, employee and customer personal data accounted for 22% of cases reported, while intellectual property accounted for 19%. Sensitive identity management credentials – the good stuff – like user names and passwords came in at 11%.

Relating trends coming from this survey were fears surrounding consumerisation and Bring-Your-Own-Device (tips for BYOD can be found here). Some action is required.  

Are these two trends a concern for you? Are there any others that business owners should be worried about?

Let us know via Twitter @MicrosoftBizUK

Comments (0)

Skip to main content