What We’ve Got Here Is Failure to Communicate: Data-Breach Survey

Thom Weidlich 05.02.19


A recent survey finds a chasm between IT professionals and other employees when it comes to data breaches, and it’s clear what’s needed to narrow that gap is some more communication. The type of talk we have in mind — to prevent breaches — is an important part of crisis communications.

The Insider Data Breach survey from London-based data-security company Egress Software Technologies Ltd. also found some big differences in view between employer and employee when it comes to the character, cause, and likelihood of data breaches. This is a big deal because much misuse of such information comes from insiders, also known as employees.

Consider that the survey found 29 percent of employees believe they have exclusive ownership of the data they’ve worked on, according to the study. Or that 24 percent of employees who intentionally shared company data took it with them to a new job. Or that 55 percent of workers who intentionally shared data against company rulessaid they weren’t provided with the tools needed to share sensitive information securely.

Over one-third of employees (35 percent) were unaware that information should not be shared. That shows an obvious lack of communication about company rules, data protection, and intellectual-property rights. These should always be addressed as part of crisis prevention.

Employee Carelessness

More than half (60 percent) of IT leaders surveyed said the leading cause of data breaches is employee carelessness through rushing and making mistakes. A general lack of awareness was the second-most cited reason (44 percent), while 36 percent indicated that breaches were caused by a lack of training on the company’s security tools.

Of the employees surveyed who had accidently shared data, almost half (48 percent) said they had been rushing, 30 percent put the blame on too much pressure in the workplace, and 29 percent said the problem was fatigue.

Yet, the most frequently cited employee error was accidentally sending data to the wrong person (45 percent), while 28 percent had been the victims of phishing emails.

“The results of the survey emphasize a growing disconnect between IT leaders and staff on data security, which ultimately puts everyone at risk,” Egress CEO and Co-Founder Tony Pepper said in a company statement. “While IT leaders seem to expect employees to put data at risk — they’re not providing the tools and training required to stop the data breach from happening.”

Image Credit: Alexander Alexanderov/Shutterstock

This is an abridged version of an article that appeared today on the CrisisResponsePro paid subscription portal. (CrisisResponsePro subscribers can access the full version by clicking here. ID and password are required.) To take advantage of all of the content, data, and collaborative resources CrisisResponsePro has to offer, contact us at signup@crisisresponsepro.com.

Related:Verizon Breach Report Finds Targeted C-Suite, Steady Ransomware