Employee Negligence Cited as Leading Cause of Company Data Breaches
Here’s something no IT pro wants to hear: Despite efforts to ramp up digital security, corporate data breaches are becoming even more common.
Nearly one in two companies (43%) fell victim to a data breach last year, notes a report by the Ponemon Institute, an organization that specializes in research on privacy, data protection and information security policy. That’s up 10% from the previous year’s study.
So what’s driving this increase? Is it that hackers are just that good at staying one step ahead of the IT and security pros charged with keeping them out? Not necessarily, according to Michael Bruemmer, vice president of the data breach resolution group at Experian, a credit information company.
In fact, Bruemmer said roughly 80% of the data breach cases his group handles had an internal root cause: employee negligence. This could be anything from employees sharing their passwords to getting duped by a spear-phishing attempt to something like a misplaced flash drive. All of these things can make a data thief’s life easy.
Perhaps part of the reason employees seem so reckless when it comes to digital security is that their companies aren’t doing enough to drive home the seriousness of the issue.
Even though it seems like every other day there’s a story on the news about an organization’s digital security being compromised, many companies don’t have a plan in place to deal with a breach. Roughly 27% of companies lack a data response plan.
That’s down from 39% who said they didn’t have one in last year’s study, so while 27% is still too many, at least the trend shows companies are starting to take the issue more seriously.
However, just having a plan isn’t enough. That plan needs to be tested and updated to make sure it stays relevant and that employees know it inside and out, just as schools do with fire drills. That way, if the worst should happen, everyone will have an idea of what to do.
Many companies are skimping on regularly testing and updating their response plans. According to the study, only 3% of organizations say they review the action plan each quarter. Even more troubling? Roughly 37% said they hadn’t reviewed or updated their plan since they first wrote it up!
If leaders aren’t taking the time to review these plans with their teams, it can send the message to employees that digital security isn’t something they need to be worried about. Once employees have let their guards down, they can easily fall into any of the bad habits listed above that hackers just love to see.
Companies can’t afford to take any chances with data safety. The consequences of the Home Depot breach, which affected approximately 56 million customers and was one of the year’s biggest security disasters, are only just starting to come into focus. Banks and financial institutions have just begun reporting fraudulent transactions and purchases stemming from personal data acquired as a result of the breach.
Be sure you’re regularly setting aside time to review your response plans not just as a leadership team, but with employees as well. These same sessions can also be used to remind everyone about security basics like password and email safety.
Of course, there’s no way to be 100% safe from hackers at all times, but at least this way you can be confident no one in your organization is making things easy on cyber crooks.