While companies must always protect against cyberattacks by outsiders, they must also be more diligent about cybersecurity incidents that involve employees, whether accidental or intentional.
Nearly three-fourths (73%) of companies have been affected by internal information security breaches, and the largest single cause of confidential data losses is employees (42%), according to the IT Security Risks Survey released Monday by Kaspersky Lab and B2B International.
The survey reported cases of accidental data leaks (28%) and intentional leaks of valuable company data (14%). In addition, 19% of respondents said that at least one of their employees loses a mobile device containing corporate data at least once a year.
The survey found that 15% of organizations encountered situations where company resources, including finances, were used by employees for their own purposes. Small and medium-size businesses lose up to $40,000 on average from fraudulent activity by employees, while larger companies lose more than $1.3 million on average.
Twenty-one percent of companies affected by internal threats lost valuable data that subsequently had an effect on their business.
“It’s no secret that a security solution alone is not enough to protect a company’s data, and the results of this study confirm that,” Kaspersky Lab’s head of endpoint product management Konstantin Voronkov said in a press release.
“What’s required is an integrated multi-level approach powered by security intelligence and other supplementary measures. These measures may include the use of specialized solutions and the introduction of security policies, such as restricting access rights.”
The survey polled more than 5,500 IT specialists from more than 25 countries