Insiders Pose Biggest Threat to Data Security, Study Says

Employing best practices and technology can protect sensitive data, maintain company reputation and prevent financial losses.

by / October 28, 2008

A new study conducted by the Ponemon Institute showed insiders were the number one cause of all data breaches with hackers ranking a distant fifth.

The survey shows insiders caused 75 percent of all breaches in the U.S. while external hackers committed only one percent of breaches. The 2008 Study on the Uncertainty of Data Breach Detection also reveals 79 percent of U.S. respondents had experienced at least one data breach.

"Enterprises must recognize that simply trusting employees will inevitably prove detrimental to their security, their risk postures and their business interests," wrote Perry Carpenter. "A mixture of tried-and-true security practices, security awareness, and low- and high-tech toolsets will provide the most effective and comprehensive defense against the insider threat."

The study also shows that 41 percent of all data breaches occurred in a mainframe environment, putting abundant confidential customer data at risk considering more than 80 percent of the world's corporate and governmental data resides on mainframes.

"Data security has become a critical issue to the financial integrity of businesses and individuals alike," said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. "This study shows that both personal and corporate information is flooding out of the organizations entrusted with its confidentiality."

The 2008 Study on the Uncertainty of Data Breach Detection was conducted using a proprietary web-based survey platform with the results derived from the responses of 3,596 IT professionals in the US, UK, France and Germany with an average of nearly nine years of experience. In the U.S., 57 percent of respondents were from IT Operations and Security. Commissioned by the Compuware Corporation, the survey was fielded by the Ponemon Institute.

To obtain the white paper, 2008 Study on the Uncertainty of Data Breach Detection, that summarizes the survey findings and provides a thorough discussion of the implications of these results, please go to the Web site.