Experian Data Breach Resolution along with Ponemon Institute, a security research firm, surveyed over 600 people who worked for companies that offered data protection and privacy training programs. Their findings, published in the Managing Insider Risk through Training & Culture report, revealed that 66% believe employees pose the biggest risk, 60% think that employees have little to no knowledge of company security risks, and 55% said their organizations had at least one security breach due to an employee acting out of negligence or malice.
Thor Olavsrud, senior writer for CIO, points out that organizations are not doing enough to effectively train employees on what they can do to reduce the risks associated with data in the workplace, how to report potential problems, and how to protect company data.
Only around half of the respondents from the Experian-Ponemon study agreed that their employee training programs actually helped to reduce noncompliant behaviors.
70% of Corporate Security Officers lose sleep at night worrying that malware will be released on the company servers via an insecure website or a mobile device. 60% are worried that a user will have his or her access rights violated. 49% get nervous that someone will access company applications from an insecure public network. What’s surprising is that these statistics relate to internal security risks from employees, not some unknown hacker on the other side of the globe.
Michael Bruemmer, vice president of Experian Data Breach Resolution, told CIO that "among the many security issues facing companies today, our study emphasizes that the risk of a data breach caused by a simple employee mistake or act of negligence is driving many breaches."
While all the companies surveyed indicated that they had an employee training program in place to address data security matters, those programs were limited in that they did not create behavioral changes in employees. The best advice for companies is to develop stronger data security programs and policies to crack down on offenses.