The Biggest Threat to Your Data Security

A new report sheds light on who's most likely to breach your business's data security. Hint: it's not hackers.
Business Writers
March 30, 2012

What's the biggest threat to your data?

It's not hackers–it's your own employees, says a new report.

The Ponemon Institute's "The Human Factor in Data Protection" study found that employee negligence (or maliciousness) was the source of 80 percent of respondents' data security problems. (Ponemon surveyed 709 U.S. IT and IT security experts.)

The number one reason for data breach was that employees lost laptops or other mobile devices (35 percent). A close second: 32 percent of employees had a third party mishap or flub. Third: Twenty-nine percent of employees had a system glitch.

Though employees largely were to blame for most data problems, nearly 70 percent of those surveyed either agreed or strongly agreed that their current security system could not hold off cybercriminals.

Other findings: More than half (56 percent) said data thefts were discovered accidentally (whether or not an employee mistake was the cause).

Why wouldn't a data theft be immediately obvious?

For starters, the employees who caused the data breach only confessed 19 percent of the time.  IT problems only turned up through an assessment or audit for 37 percent of those surveyed. Only about a third (36 percent) discovered IT problems thanks to an alert from their data protection technology.

The report found that businesses with fewer than 100 employees were more likely to have employees mishandling sensitive information–but only slightly more: 81 percent, versus 78 percent in larger companies. Businesses with fewer than 100 employees also were more likely to have "risky" behavior problems: 58 percent open attachments or web-links with spam and 77 percent left computer unattended. (Among the tips the report offers businesses: Make sure those with privileged user status know the risks, and require immediate notification if a mobile device containing sensitive and confidential information is lost or stolen.)

Small businesses are also less likely to protect data at all–65 percent of sensitive small business information is not encrypted or otherwise safeguarded, the report found.

The good news: A separate Ponemon report found that the cost of data breach–both organizational and the cost per lost or stolen record–has fallen for the first time in seven years. Organizationally, the cost has plunged 24 percent, from $7.2 million to $5.5 million. Per record cost has fallen from $214 to $194.

Why the eye-popping organizational costs (even if they've fallen significantly)? There's the cost of the data breach itself, then the customer churn, and other indirect costs. The researchers–after interviewing over 400 people from 49 U.S. companies–put $135 of that $194-per-record in the "indirect costs" category. (Another bit of good news: Customers are now less likely to jump ship after a data breach, according to the report.)

Do you have policies in place governing what employees must do if they lose a mobile device or cause a data security breach? Have you had to notify customers of a breach, and how have they reacted?

Photo credit: Thinkstock