THEALE, UK and MOUNT LAUREL, N.J. – November 18, 2015 – Clearswift, a global cyber security innovator and data loss prevention specialist,has released their annual Clearswift Insider Threat Index (CITI) exploring why firms have been slow to address internal security threats and including data from extensive research into the security priorities and awareness of over 500 IT decision makers and 4,000 employees across the UK, US, Germany and Australia. The report provides comprehensive ‘insider threat intelligence’ on the risks insiders pose to their organizations, and can be used to help inform decision making on security policy, technology and process.
"The detachment between the front line security professionals and Board members within an organization is particularly worrying in the wake of recent high profile cyber breaches across the globe already this year,” said Heath Davies, CEO at Clearswift. “Cyber-attacks are a major problem and it’s time for Boards to take a proactive stance on this. Companies need a clear, coherent, adaptive strategy which encompasses people, processes and technology, and this mandate needs to come from the top.”
Designed to help companies understand the true nature of internal security risks and aid in developing strategies, the Clearswift Insider Threat Index gives insight into specific areas of concern, such as how likely employees are to lose data, and how the changing nature of work affects the risks. Companies surveyed were keenly aware that there is a looming threat from the extended enterprise, with 40 percent of firms expecting a data breach in the next 12 months, as a result of employee behavior and employees indicating widespread lack of awareness of good cyber security practice.
Key findings from the study show that employee awareness is a major part of the problem:
- 92 percent of organizations in the U.S. have experienced a data breach on some level in the last 12 months – of these, 40 percent say they have seen growth in the number of internal breaches.
- 75 percent of global employees believe their company provides inadequate levels of information about data policies and what is expected of them.
- 58 percent of global employees lack understanding of what might actually constitute a security threat from within their organization.
- 72 percent of global security professionals believe internal security threats are still not treated with the same level of importance as external threats by the Board.
- 50 percent of global employees admit that they disregard data protection policies at work in order to get their job done.
- 73 percent of breaches have originated from within the extended enterprise globally in the last year.
“Companies with good, existing data protection habits and a well thought through data security policy are in better shape to survive a breach, whether internal or external. The insider threat represents a ticking time-bomb for businesses and one, it seems, that they are unprepared for,” added Dr. Guy Bunker, Vice President of Products at Clearswift. “With the ‘insider threat intelligence’ provided by the CITI report, those responsible for keeping critical information secure can get inside the mind-set of their ‘enemy within’ well enough to create a playbook of approaches that helps them defend against both inadvertent and premeditated actions that could compromise their most critical of information.”
The CITI results show a startling disconnect between IT and employees. These attitudes highlight an imperative for organizations to make training employees in security protocols and policies a priority area for the safety and security of the business. Additionally, results suggest that companies need to do an aggressive overhaul of security protocols and training in order to impact employee attitudes, which are one of the most common causes of internal security breaches.
About Clearswift
Clearswift is trusted by organizations globally to protect their critical information, giving them the freedom to securely collaborate and drive business growth. Our unique technology supports a straightforward and adaptive data loss prevention solution, avoiding the risk of business interruption and enabling organizations to have 100 percent visibility of their critical information 100 percent of the time. For more information on Clearswift, visit http://www.clearswift.com/.
