Businesses’ own employees are a bigger threat to the security of their data than external attackers, new research shows.
A survey of the country’s data protection professionals shows workers are the biggest risk factor when it comes to protecting company data with 45% of respondents laying the largest proportion of the blame for data breaches at their door.
This comes despite an increasingly sophisticated network of cyber criminals regularly taking aim at companies.
Although near to nine in 10 business have an information security policy, a third have had a data breach in the last 12 months.
Of those attacks, more than 70% were caused by employee negligence.
Workers were identified by close to half of the data protection professionals as the biggest risk to data security, followed by external attackers and end user devices containing sensitive material.
Commenting on the results of the research carried out by the Association of Data Protection Officers, Irish Computer Society data protection consultant Lanre Oluwatona said the statistics provided a valuable insight into threats at a time of uncertainty in the industry.
“This survey marks the next important step in creating an objective body of knowledge to work from within the field.
"Data protection, privacy and cyber security are topics constantly evolving, each with its own challenges, so statistics of this kind are vital in helping organisations adapt to changing needs,” Mr Oluwatona said.
The survey shows, however, the level of formal data protection training has increased with more than 55% of workers now claiming to have the right level of knowledge to meet their organisation’s’ objectives.
Some 40% of companies feel unprepared for the new EU Data Protection Regulation.
The new regulation requires mandatory data protection officers for public authorities and large private companies while authorities must also be notified of a serious security breach within 24 hours if “feasible”.
Changes also provide for fines of up to 2% of global turnover to be levied against companies in breach of certain rules.
This is likely to make companies wake up to the issue of data protection, said PwC cyber security expert Kris McConkey.
“For larger corporations,” Mr McConkey said, “that could be enormous”.
© Irish Examiner Ltd. All rights reserved