Most Data Breaches Come from Insiders

Coming as no surprise to security professionals are the results of a recent study of data security: your weakest link is your own employees.

Perhaps the extent of the issue is more eye-opening: Information security leaders who have had a data breach in the previous 18 months reported that employees were the cause of half of them.

The research was commissioned by data security firm Code42 and released in the form of a report: 2019 Data Exposure Report (free, but registration required). The information security leaders surveyed implicated their organizations’ own employees in 50 percent of data breaches. Other causes included “external actors” (e.g. cybercriminals via malware) at 28 percent, “software failures” at 27 percent, and “old, unpatched security vulnerabilities.”

“Personnel Peril: The Risk of the Insider Threat” in the April 2018 issue of Security Management details how to set up a strong insider threat program to mitigate the risks of employee data breaches. Components of the insider threat program described in the article are:

Comprehensive Support: The organization needs to appoint someone who has the authority to develop policies and procedures to manage the program.

Team Approach: It takes more than just IT and security. Human resources is heavily involved, as is facilities management, but an insider threat comprised of representatives from around the organization is the most effective way to go.

Training: Employees should feel that they share a common security interest.

Written Plan: An organization’s written policies and procedures addressing insider threats should not be a static document—the team should be discussing and updating it regularly.

For more on insider threats, see:

Tackling the Insider Threat, a report from the ASIS Foundation.

“The Unique Threat of Insiders,” Security Management, October 2017

“How to Bridge the Gap,” Security Management, April 2019