Data breaches are becoming vastly common in the growing digital era, and are sometimes bigger threats than hackers themselves…
According to research, 90% of employees violate data breach prevention policies. This is contrary to the common misconception that data breaches are undertaken by cyber-hackers who are masked behind their screens. In fact, data breaches happen daily due to the failure of employees who are not following data prevention policies.
The research suggested that employees are the bigger threat than cyber-hackers. This shows that businesses are not doing enough to protect their users’ data from being accessed.
Data breach statistics
Data breach statistics are living proof of that. In 2016, the Breach Level Index (BLI) found 974 publicly disclosed data breaches which meant the loss or theft of 554 million records. To put that into perspective, the Office for National Statistics estimated the U.K. population to be around 65 million in 2015. The stolen/lost personal data recorded in 2016 is around eight times the U.K. population!
There could be more, as the BLI study only reports publicly disclosed breaches. So there could be some other data being stolen or lost unknowingly. The compromised records also shows a 31% increase from 2015. There are of course many factors affecting the data breaches, but it seems that employees are a big contributory factor.
Most impacted industry
The following news may surprise you, but data breach statistics last year showed that the government was one of the most impacted industries with over 318 million data records lost or stolen. Although governmental breaches occur less, when data records are lost or stolen, cyber-hackers can gain more out of the records.
So, you would think that the government should have a huge responsibility for preventing data breaches. Effectively, they should be the ones to show other businesses how it’s done. But in reality they are the ones reportedly failing to protect personal data more so than any other industry.
Reasons for data breaches by employees
Mergers and takeovers can lead to inadvertent breaches. As businesses develop in a globalised economy, and the volume of work increases, companies are often contracting work out to third parties. Ultimately this means that more personal data is exchanging hands and leaving company-controlled networks. The companies who are contracted to work on behalf of other companies may have different data protection policies, and this may cause a variation in data protection afforded to their users.
Another reason for the big violation is the fact that more and more technology is being used in the workplace. Devices and technologies from our personal lives are fast becoming an essential tool in the working sphere. Two-thirds of employees report using digital devices at work for convenience. This can mean an increased risk for personal data to be secure. When employees choose convenience over security, there is a huge data protection risk.
For companies to be better managed, they must have effective training for their employees. Companies could minimise the risk by making it easier and more transparent for employees to comply with data protection policies. Investing in cyber-security is crucial, but that is only one solution to the conundrum.
Companies must ensure that employees are doing their best to comply with data protection policies. Penalties could be enforced on employees who fail to adhere to data protection procedures. This can allow companies to deliver effective security protection and minimise the risk of data breaches.
A balance must be struck by businesses. On the one hand, they must invest in data protection. On the other hand, they must also equip employees with the right training and tools to ensure that data breaches will be kept at a minimum.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.