"Most Insider Data Breaches Aren't Malicious"

Researchers at Code42 and Aberdeen Research have found that the majority of insider data breaches are non-malicious. In a new report titled "Understanding Your Insider Risk and the Value of Your Intellectual Property," the researchers found that at least one in three (33%) reported data breaches involve someone with authorized access to the impacted data. Another key finding of the report was that 78% of those insider data breaches involved unintentional data exposure or loss rather than any malice. The researchers observed employees repeatedly taking actions that put valuable company data at risk while fulfilling their day-to-day work responsibilities. The daily average of data-exposure events by trusted insiders per user was 13 and included moving corporate files to untrusted locations via email, messaging, cloud, or removable media. While such breaches are unlikely to be caused by malice, they can still have a significant financial impact on a business. The study found that the cost per year of breaches caused by insiders can reach up to 20% of annual revenue. The researchers stated that businesses struggle to maintain data security as most do not have consistent, centralized visibility over their digital environments.  Researchers found that 75% of organizations lack the tools necessary to track how much enterprise file movement their organization has and lack the tools to monitor how frequently valuable files are exposed by legitimate users carrying out their daily tasks. Another key finding of the research was that in 2020 a breach was four and a half times more likely to happen on an endpoint than on a server.

Infosecurity reports: "Most Insider Data Breaches Aren't Malicious"