94% of organisations have suffered insider data breaches, Egress research reveals

Human error is the top cause of serious breaches but malicious attacks are IT leaders’ biggest concern.

London, UK – 13th July 2021 – Egress’ Insider Data Breach Survey 2021 has revealed that an overwhelming 94% of organisations have experienced insider data breaches in the last year. Human error was the top cause of serious incidents, according to 84% of IT leaders surveyed. However, IT leaders are more concerned about malicious insiders, with 28% indicating that intentionally malicious behaviour is their biggest fear. Despite causing the most incidents, human error came bottom of the list, with just over one-fifth (21%) saying that it’s their biggest concern.

Additionally, almost three-quarters (74%) of organisations have been breached because of employees breaking security rules, and 73% have been the victim of phishing attacks.

The survey, independently conducted by Arlington Research on behalf of Egress, surveyed 500 IT leaders and 3,000 employees in the US and UK across vertical sectors including financial services, healthcare and legal.

Key insights include:

94% of organisations have experienced an insider data breach in the last 12 months
Human error is the leading cause of serious insider data breaches, with 84% of organisations experiencing a security incident caused by a mistake
However, malicious insiders are IT leaders’ biggest worry, with 28% indicating that it’s their top concern
Almost three-quarters (74%) of organisations have been breached because of employees breaking security rules, and 73% have suffered serious breaches caused by phishing
97% of employees say they would report a breach – which is good news for the 55% of IT leaders who rely on employees to alert them to incidents
But it’s not necessarily positive when they do: 89% of incidents led to repercussions for the employees involved
Over half (56%) of IT leaders believe that remote/hybrid working will make it harder to prevent data breaches caused by human error or phishing
By contrast, 61% of employees believe they are less likely, or equally likely, to cause a breach when working from home

Empowering insiders to do the right thing
The research revealed that an overwhelming 97% of employees would report an insider data breach to their employer – which is reassuring for the 55% of IT leaders who rely primarily on employees to report incidents. However, when employees do speak up about breaches, it can cost them: the research found that 89% of incidents lead to repercussions for the employees involved, including informal and formal warnings, and dismissal.

In addition, just 54% of employees said that they feel their organisation’s security culture trusts and empowers them, indicating that many organisations lack a security-positive culture.

The risks of hybrid working: a difference in opinion
The biggest driver for change in insider risk over the last year has been the adoption of long-term remote working due to the pandemic. Over half (56%) of IT leaders believe that remote work has driven an increase in data breaches caused by human error. Meanwhile, employees disagree, with 61% believing that remote work makes them less likely, or equally likely, to cause a data breach.

IT leaders are also concerned for the future, with 54% indicating that they believe that remote/hybrid working will make it more difficult to prevent data breaches caused by human error. Half of IT leaders also believe that it will make it more difficult to prevent phishing attacks, and 49% believe that it will be more difficult to prevent employees from breaking the rules if they’re working remotely in the future.

Egress CEO Tony Pepper comments: “Insider risk is every organisation’s most complex vulnerability – and it has far-reaching consequences, from ransomware attacks to loss of client trust. Organisations must act now to mitigate the risk posed by their people.

“The research highlights the importance of empowering employees – they want to protect their employer’s data, and it’s up to organisations to ensure that they’re building a security-positive culture. With the right technology and strategy in place, organisations can transform their people from their biggest security vulnerability into their strongest line of defence.”

Methodology
The Insider Breach Report 2021 was independently conducted by Arlington Research on behalf of Egress, and surveyed 500 IT leaders and 3,000 employees in the US and UK across vertical sectors including financial services, healthcare and legal.

About Egress
Our mission is to eliminate the most complex cybersecurity challenge every organisation faces: insider risk. We understand that people get hacked, make mistakes, and break the rules. To prevent these human-activated breaches, we have built the only Human Layer Security platform that defends against inbound and outbound threats. Using patented contextual machine learning we detect and prevent abnormal human behaviour such as misdirected emails, data exfiltration and targeted spear-phishing attacks.

Used by the world’s biggest brands, Egress is private equity backed and has offices in London, New York and Boston.