Employees to blame for 70pc of data breaches, security professionals claim

UK security leaders believe that their organisation’s employees are "continually exposing sensitive data to the risk of a breach", and neglecting to take the necessary steps to control the risks, with almost half of companies claiming remote workers have knowingly exposed data to a breach.

This is according to annual research carried out by Apricorn, whose survey suggests that as much as 70% of corporate breaches are a "direct result of employee error or malicious intent".

With just 200 security leaders surveyed, the sample was relatively small, but the findings still indicate a lack of trust in employees when it comes to following responsible data security practices.

Of the security decision makers surveyed, 22% said employees unintentionally putting data at risk had been the main cause of a data breach at their organisation, with staff being caught out by phishing emails close behind at 21%. Remote workers specifically had been the catalyst at 26% of organisations – up from 21% in 2022. And 20% said employees with malicious intent had been behind a breach at their company, a rise from 10% last year. Third parties mishandling corporate information had caused a breach at 21%, up from 12%, highlighting the increasing need for tighter security in the supply chain.

48% of respondents admitted that their company’s mobile or remote workers have knowingly exposed data to a breach over the last year, a rise from 29% in 2022, while 46% stated that their remote workers “don’t care” about security, up from 17% the previous year.

Jon Fielding, Apricorn’s managing director EMEA, said: “Our research indicates businesses don’t trust their employees to live up to their responsibilities around protecting data. This is particularly the case when they’re working remotely. There appears to be a lack of buy-in and in some cases a blatant disregard of the need to follow cyber security policies – perhaps as a result of employees becoming too relaxed over security. Organisations must rebuild a culture that ensures everyone has a security-first mindset, wherever they’re working.”

Despite awareness of the ‘insider threat’, companies are not applying the policy and technology measures necessary to prevent data being compromised – in particular when it comes to BYOD.

Apricorn's research was conducted by Censuswide amongst 201 security decision makers (manager level and upwards) in large companies in the UK in April 2023.
