Why 61% of CIOs believe employees maliciously leak data

One in five employees surveyed believes data belongs to them, not the company, according to an Opinion Matters / Egress report.

How CISOs can gain a better understanding of their cybersecurity attack surface At RSA 2019, Emily Heath of United Airlines explained the top security challenges businesses face.

While a vast majority of cybersecurity measures focus on keeping outside malicious actors away from your organization's data, the insider risk that employees pose—either unwittingly or intentionally—can be detrimental. Some 79% of CIOs said they believe employees put sensitive company data at risk accidentally within the last 12 months, according to the 2019 Insider Data Breach survey published Monday by Opinion Matters and security compliance firm Egress.

SEE: Home usage of company-owned equipment policy (Tech Pro Research)

Likewise, 61% of CIOs responding to the survey indicated a belief that employees put company data at risk maliciously, though only 30% said they believe that employees are leaking data specifically to harm the organization. The IT decision makers surveyed tended to give the benefit of the doubt to employees, with 60% citing employees "rushing and making mistakes," and 44% citing lack of awareness (respondents were asked to pick up to three responses) as the reasons for the security incidents.

Providing the tools and training to do the job securely

The perception that IT policies and a lack of tools encumber employee abilities to carry out their job persists, as the report finds that 55% of employees who intentionally shared data claimed to lack the necessary security tools to securely share information.

Of employees surveyed who accidentally shared information, 45% confessed to sending information to the wrong person, while 35% shared information not intended to be shared.

The reason why these mistakes were made are as banal as you might expect—48% of respondents indicated they were in a rush, while 30% and 29% percent respectively cited a stressful environment or being tired. Only 21% claimed a lack of adequate training on company security policies.

Whose data is it, anyway?

Some 29% of respondents from the UK reported to taking information with them when starting a new job, compared to only 11% of US respondents. One in five respondents indicated they felt the information belonged to them, not the company.

For more on the potential of insider risk, check out " Your systems, their profit: How IT rights can be abused for shadow mining of cryptocurrency."

Also see

istock-464987849.jpg
Getty Images/iStockphoto