Whether it’s from an accidental leak of data or falling victim to a phishing attack, new data from email security vendor Egress puts the insider’s role in breaches into critical perspective.
Usually when we talk about an “insider” in the tech space, we’re talking about a malicious insider. But new data from Egress’ Insider Data Breach Survey 2021 report highlights how everyday insiders (read: your users) are one of the most common causes of data breaches.
According to the Egress report:
- 94% of organizations have experienced some form of data breach
- 84% of those breaches were directly caused by human error
- 74% were caused by employees breaking security rules/protocols
- 73% of orgs have experienced a phishing breach
Email is the most concerning conduit for 64% of IT leaders, as 55% of employees state they had received a phishing email in the last 12 months, and 27% have received one impersonating a senior employee.
In both cases of phishing-based attacks and accidental leaks, nearly one-thirds of IT leaders cite a lack of Security Awareness Training as the most likely cause of the resulting data breach. Having employees receive continual education on the latest phishing scams, social engineering tactics, and campaigns helps to keep them in a state of vigilance that helps to protect the organization from email-based threats.
From the data in the Egress report, users have a ways to go; training can be the means to help reduce the risk of insider-caused data breaches.