97% of corporate data breaches are due to employees

Wed Oct 15, 2008 2:47PM EDT

See Comments (1)

For all the time we spend fretting over hackers who would break into our networks and abscond with our secrets, rarely do we stop to consider what those people who're actually authorized to be on the network are doing.

In some sobering news from Compuware, a new study says that the vast majority of data breaches -- roughly 97 percent -- are due to employee carelessness and malice, not those crooks waiting in the shadows outside, eager to hack the network.

As Ars Technica notes, there is no information on the severity of data breaches discussed in the study, including information about the number of people impacted or the type of data taken. In fact, "data breach" isn't even fully defined, but in a nutshell it applies to the loss of "information about individuals such as consumer data, customer information, employee records, and so forth," so a data breach could be construed as everything ranging from customer lists to credit card records and Social Security Numbers. The study says that 79 percent of companies queried have experienced some sort of data loss (though again, Ars rightly notes that not all of these need be worrisome breaches).

The really telling stat here is not how common breaches are but rather that employees (and contractors, including outsourcing partners) are by far the most common avenue for data loss. The vast majority of those are inadvertent -- think about those reports of lost laptops and reams of personal information simply thrown into the Dumpster -- with just 26 percent of companies claiming losses due to malicious employees. Only about 2 or 3 percent of losses are due to outside hackers (I include social engineering in that tally).

Perhaps the worst news of all is that companies don't seem to have a good handle on data breaches (or even detecting when they occur), haven't improved methods for monitoring for breaches in recent years, and experience problems throughout the organization that contribute to such losses. The prognosis for radical improvement in the coming years? Grim.

Read the full report here (registration required, PDF).

Comments on 97% of corporate data breaches are due to employees

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 1 Posted by killaonmocospace on Thu Sep 3, 2009 4:51PM EDT Report Abuse

    I totally agree. I didnt even have to read the whole thing before I realized something. In my opinon you are correct, from the servey (though there are some things that are not taken into factor) most errors would seem to be due to employee errors, not the crooks, what really gets my goat, is that there shouldn't be crooks in the first place. In my kind of world, for every bad habit, there is an outlet. Don't worry, I'm thinking of something.

More Posts: 1

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.