
Employee Negligence Cited as Leading Cause of Company Data Breaches

Here’s something no IT pro wants to hear: Despite efforts to ramp up digital security, corporate data breaches are becoming even more common.

Nearly one in two companies (43%) fell victim to a data breach last year, notes a report by the Ponemon Institute, an organization which specializes in research on privacy, data protection and information security policy. That’s up 10% from the previous year’s study.

So what’s driving this increase? Is it that hackers are just that good at staying one step ahead of the IT and security pros charged with keeping them out? Not necessarily, according to Michael Bruemmer, vice president of the data breach resolution group at Experian, a credit information company.

In fact, Bruemmer said roughly 80% of the data breach cases his group handles had an internal root cause: employee negligence. This could be anything from employees sharing their passwords to getting duped by a spear-phishing attempt to something like a misplaced flash drive. All things which can make a data thief’s life easy.

Perhaps part of the reason employees seem so reckless when it comes to digital security is that their companies aren’t doing enough to drive home the seriousness of the issue.

Even though it seems like every other day there’s a story on the news about an organization’s digital security being compromised, many companies don’t have a plan in place to deal with a breach. Roughly 27% of companies lack a data response plan.

That’s down from 39% who said they didn’t have one in last year’s study, so while 27% is still too many, at least the trend shows companies are starting to take the issue more seriously.

However, just having a plan isn’t enough. That plan needs to be tested and updated to make sure it stays relevant and that employees know it inside and out, just like schools do with fire drills. That way if the worst should happen, everyone will have an idea of what to do.

Many companies are skimping out on regularly testing and updating their response plans. According to the study, only 3% of organizations say they review the action plan each quarter. Even more troubling? Roughly 37% said they hadn’t reviewed or updated their plan since they first wrote it up!

If leaders aren’t taking the time to review these plans with their teams, it can send the message to employees that digital security isn’t something they need to be worried about. Once employees have let their guards down, they can easily fall into any of the bad habits listed above that hackers just love to see.

Companies can’t afford to take any chances with data safety. The consequences of the Home Depot breach, which affected approximately 56 million customers and was one of the year’s biggest security disasters, are only just starting to come into focus. Banks and financial institutions have just begun reporting fraudulent transactions and purchases stemming from personal data acquired as a result of the breach.

Be sure you’re regularly setting aside time to review your response plans not just as a leadership team, but with employees as well. These same sessions can also be used to remind everyone about security basics like password and email safety.

Of course, there’s no way to be 100% completely safe from hackers at all times, but at least this way you can be confident no one in your organization is making things easy on cyber crooks.

Arraya Insights