Insiders cause 75% of data security breaches

Firms focus on preventing IT accidents, but insider theft is where the money is.

Data security incidents related to accidental losses and mistakes are common but cause little quantifiable damage. By contrast, employee theft of sensitive information is 10 times costlier on a per-incident basis than any single incident caused by accidents: hundreds of thousands of dollars versus tens of thousands.

In analyzing the security practices of more than 300 North American, European, and Australian enterprises, Forrester Consulting confirmed several long-standing hypotheses about data security programs in large companies.

We confirmed that, indeed, increased collaboration increases data security’s importance, and that compliance pressures continue to be the motor that turns the IT security budget wheel.

We also confirmed the conventional wisdom that, 75% of the time, data security incidents are attributed to insiders.

However, we also reached some surprising conclusions. Forrester concluded that not all enterprises are created equally. High-value firms manage information that is 20 times more valuable than low-value firms. And they are much more eager collaborators. As a result, the number and type of data security incidents experienced by high-value firms were four times higher, and the costs are nearly twice as high.

The Value Of Corporate Secrets: How compliance and collaboration affect enterprise perceptions of risk http://www.rsa.com/products/DLP/ar/10844_5415_The_Value_of_Corporate_Secrets.pdf