The survey collected responses from more than 600 individuals at companies that have a data protection and privacy program. Here are five key findings from the survey.
1. Fifty-five percent of respondents identified a security incident or data breach due to employee negligence or a malicious attack by an employee.
2. The No. 1 security concern among respondents is employees inadvertently exposing sensitive or confidential information.
3. The types of employee behaviors respondents most fear include unleashing malware from an insecure website or mobile device (70 percent), violating access rights like using someone else’s login credentials (60 percent), using an unapproved mobile device in the workplace (55 percent), accessing company applications from an insecure public network (49 percent) and succumbing to a phishing attack (47 percent), among others. (Respondents were permitted to select more than one choice.)
4. When asked why it is difficult to reduce the risk of data breaches due to negligent or malicious employees, 70 percent of respondents said they lack in-house expertise, and 55 percent of respondents said they lack leadership or ownership of the issue. Additionally, half of respondents said there are organizational silos to reducing data breach risk, and 47 percent said their budget is too small. Respondents were permitted to select more than one choice.
5. Less than half of respondents (49 percent) said senior management believes a strong security posture is part of the corporate culture.
More articles on cybersecurity:
CHIME suggests cybersecurity as a reimbursement factor in MIPS
First known ransomware attack in 1989 also targeted healthcare
IBM Watson sets sights on cybercrime
