Cyber Security Institute

Tuesday, September 12, 2006

Survey: Most insider-related data breaches go unreported

Most insider-related security breaches go unreported, according to a new survey by Ponemon Institute LLC in Elks Rapids, Mich.  The main reason that happens is because companies don’t have the resources to tackle the issue, according to the National Survey on Managing the Insider Threat, sponsored by ArcSight Inc., an enterprise security management company in Cupertino, Calif.  “We found that many of the respondents in our study found that it was difficult, if not impossible, to identify all data breaches that exist—and over 79% of the respondents said one, if not more, insider-related security breaches at their companies go unreported,” said Larry Ponemon, chairman of Ponemon Institute.  Approximately 93% believe that the No. 1 barrier to addressing the data breach risk is the lack of sufficient resources, and 80% cited a lack of leadership, he said.

“Because it’s insider-related normally, involving a careless or negligent employee [and] not an evil employee, maybe they are more likely to go unreported because people know each other, and maybe because people know each other, they say it was a mistake and maybe in the future they’ll fix it.”

More than 61% of the survey respondents said that accidental data leaks occur “frequently” or “very frequently” because employees or contractors lack sufficient knowledge about preventative measures or because employees or contractors are careless.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003211