Most Insider Data Breaches Aren’t Malicious

  • The majority of insider data breaches are non-malicious, according to new research released today by American cybersecurity software company Code42 in partnership with Aberdeen Research.

    The report Understanding Your Insider Risk and the Value of Your Intellectual Property found that at least one in three (33%) reported data breaches involve someone with authorized access to the impacted data.

    A key finding of the report was that 78% of those insider data breaches involved unintentional data exposure or loss rather than any malice. Researchers observed employees repeatedly taking actions that put valuable company data at risk while fulfilling their day-to-day work responsibilities.

    The daily average of data-exposure events by trusted insiders per user was 13 and included moving corporate files to untrusted locations via email, messaging, cloud or removable media.

    While such breaches are unlikely to be caused by malice, they can still have a significant financial impact on a business. The study found the cost per year of breaches from insiders can reach up to 20% of annual revenue.

    Businesses are struggling to maintain data security as most of them do not have consistent, centralized visibility over their own digital environments. Researchers found that 75% of organizations lack the tools necessary to track how much enterprise file movement their organization has and to monitor how frequently valuable files are exposed by legitimate users carrying out their daily tasks.

    Another key finding of the research was that in 2020 a breach was four and a half times more likely to happen on an endpoint than on a server.

    “Data stewardship has become a boardroom imperative. And while insider risk is not a new problem in security, managing it effectively in today’s open and collaborative business climate with enough resources is,” said Joe Payne, Code42’s president and CEO.

    “We know that one out of three data breaches involves an insider, though it’s likely much higher. Important ideas and key IP encompass much more than just the company crown jewels. It includes the very digital and portable information like source code, customer lists and salary structures – data that when taken can leave a devastating impact on a company’s competitive position and bottom line.”