Wednesday 22 January 2014

77 per cent of company data breaches are caused by employees

The Journal.ie
21st January 2014

The survey found that almost a quarter of Irish companies have experienced multiple data breaches over the past twelve months.

MORE THAN HALF of Irish companies have experienced a data breach in the last twelve months, the majority of which are caused by staff members.

A new report from the Irish Computer Society (ICS), which surveyed IT administrators working in 256 Irish-based companies, found that 51 per cent of companies experienced a data breach in the past twelve months, while 22 per cent experienced multiple breaches.

The majority said that staff members were the main cause of data breaches with 77 per cent of incidents caused by “negligent employees.”

Other threats that concerned IT managers were unsecured end-user devices, such as unencrypted laptops containing sensitive data, and external attackers trying to obtain data.

When asked about the correct adoption of data protection procedures, more than one in three said that policies are not implemented or are only partially implemented. Only 39 per cent said that their data protection policies were fully implemented.

The report also found that most employees were satisfied with the level of training they received in data protection with 57 per cent saying they received the right amount. 24 per cent of those surveyed said they received no training in this area, while 16 per cent said they received insufficient training.

The Chairman of the Association of Data Protection Officers, Fintan Swanton, believed the report highlighted the need for organisations to take steps in managing their company’s data.

“Employees might appreciate the importance of data security, but organisations need to instil a culture of compliant data management… It is as much a case of protecting the organisation’s commercial reputation, as it is of protecting the individual’s privacy.”

The survey comes after new data protection legislation came into effect. The new legislation will require most organisations to have a Data Protection Officer.