Clearswift released their annual Clearswift Insider Threat Index (CITI) exploring why firms have been slow to address internal security threats and including data from extensive research into the security priorities and awareness of over 500 IT decision makers and 4,000 employees across the UK, US, Germany and Australia.
“The detachment between the front line security professionals and Board members within an organization is particularly worrying in the wake of recent high profile cyber breaches across the globe already this year,” said Heath Davies, CEO at Clearswift. “Cyber-attacks are a major problem and it’s time for Boards to take a proactive stance on this. Companies need a clear, coherent, adaptive strategy which encompasses people, processes and technology, and this mandate needs to come from the top.”
Companies surveyed were keenly aware that there is a looming threat from the extended enterprise, with 40 percent of firms expecting a data breach in the next 12 months, as a result of employee behavior and employees indicating widespread lack of awareness of good cyber security practice.
Key findings from the study show that employee awareness is a major part of the problem:
- 92 percent of organizations in the U.S. have experienced a data breach on some level in the last 12 months – of these, 40 percent say they have seen growth in the number of internal breaches.
- 75 percent of global employees believe their company provides inadequate levels of information about data policies and what is expected of them.
- 58 percent of global employees lack understanding of what might actually constitute a security threat from within their organization.
- 72 percent of global security professionals believe internal security threats are still not treated with the same level of importance as external threats by the Board.
- 50 percent of global employees admit that they disregard data protection policies at work in order to get their job done.
- 73 percent of breaches have originated from within the extended enterprise globally in the last year.
“Companies with good, existing data protection habits and a well thought through data security policy are in better shape to survive a breach, whether internal or external. The insider threat represents a ticking time-bomb for businesses and one, it seems, that they are unprepared for,” added Dr. Guy Bunker, Vice President of Products at Clearswift.