Forrester: Most data breaches caused by employees

Loss, theft and misuse rather than hacking remain the biggest problem
  • John E Dunn (Computerworld UK)
  • — 24 September, 2012 18:17

Most data breaches are caused by mundane events such as employees losing, having stolen or simply unwittingly misusing corporate assets, a Forrester Research report has found.

After questioning over 7,000 IT executives and ordinary employees across North America and Europe, 31 percent cited simple loss or theft as the explanation for data breaches they had experienced, ahead of inadvertent misuse by an employee on 27 percent.

External attack was mentioned in 25 percent of cases with abuse by malicious insiders on 12 percent. The same selection of causes was cited at much lower levels for business partners.

"Whether their actions are intentional or unintentional, insiders cause their fair share of breaches," said the authors. "Other common sources of breach include loss or theft of corporate assets, such as laptops or USB drives, and external attacks that target corporate servers or users."

Predictably, the arrival of mobile devices and the consumerisation of IT hasn't helped matters.

Most organisations formulate policies for securing mobile devices but, paradoxically, lack enough tools to enforce them.

Thirty-nine percent worried about a lack of data leak prevention on mobile devices, with half concerned about the consequences of old-fashioned theft. Thirty percent thought there wasn't sufficient separation between consumer and corporate data on mobile devices.

The commonest form of mobile device security is password entry plus remote lock and wipe with almost a quarter admitting they haven't started using any form of data protection at all.

"It's not simply just a matter of having the appropriate tools and controls in place. It's worth noting that only 56 percent of information workers in North America and Europe say that they are aware of their organisation's current security policies," said the authors.

When data is breached, personal (employee and customer) data accounted for 22 percent of cases reported, with IP not far behind with 19 percent and user credentials such as logins in 11 percent.

Forrester's findings probably confirm a simple maxim that data breaches are often accidental rather than malicious. What it doesn't speculate on is whether internal breaches are necessarily the most serious.

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Web Gateway Security

Real-time Protection from Real-world Threats

more »

Submit your own security event

Submit your training courses

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

Read More
more »