A recent survey of 500 IT decision makers and 4,000 employees in the U.S., U.K., Germany and Australia, conducted by Loudhouse on behalf of Clearswift, has found that 40 percent of companies expect to experience a data breach resulting from employee behavior in the next 12 months.
The 2015 Clearswift Insider Threat Index also found that 75 percent of employees believe their company doesn’t give them enough information about data policies and what is expected of them, and 58 percent don’t understand what would actually constitute a security breach.
Notably, fully 50 percent of respondents admitted that they disregard their companies’ data protection policies in order to get their jobs done.
And 72 percent of security professionals, the survey found, believe their board doesn’t treat internal security threats with the same level of importance as external security threats.
“The detachment between the front line security professionals and board members within an organization is particularly worrying in the wake of recent high profile cyber breaches in the U.K. already this year,” Clearswift chief executive Heath Davies said in a statement.
“Cyber attacks are a major problem, and it’s time for boards to take a proactive stance on this,” Davies added. “Companies need a clear, coherent, adaptive strategy which encompasses people, processes and technology, and this mandate needs to come from the top.”
“Any such strategy needs to understand how critical information might leave your company network, starting with the custodians of your data — and this must include anyone that interfaces with your data, so ‘your extended enterprise,’ including employees, contractors and third party data handlers,” Clearswift senior vice president of products Dr. Guy Bunker said. “Who has access to what sensitive data, and should they? How do they share data? Will they take company data with them when they leave? What would happen if a company phone was left on a train? Could any of them be tempted to sell data? These types of questions help you understand the risks and deploy proactive solutions to mitigate them.”
“Companies with good, existing data protection habits and a well thought through data security policy are in better shape to survive a breach, whether internal or external,” Bunker added. “The insider threat represents a ticking time-bomb for businesses and one, it seems, that they are unprepared for.”
Earlier this year, the SANS 2015 Survey on Insider Threats found that while 74 percent of IT security professionals surveyed said they’re concerned about insider threats, 32 percent said they have no ability to prevent an insider breach. Also earlier this year, the 2015 Vormetric Insider Threat Report found that fully 93 percent of U.S. IT decision makers feel their organizations are somewhat or more vulnerable to insider threats.