Companies are increasing technology investments to protect against external data breaches, but employees pose a bigger threat than hackers, according to CEB. To mitigate the rising costs of breaches, organizations need to reduce the burden of complying with privacy policies.
Due to the advent of cloud-based productivity tools and the increase in collaboration between employees, more data is changing hands and leaving company-controlled networks than ever before. In fact, almost two-thirds of employees report regularly using personal technologies for work, primarily for the sake of convenience. For example, they send a file from their company computer to a personal email account to work while they are not in the office.
In choosing convenience and productivity over security, employees put sensitive data at risk – and the costs are significant, the survey found. The average Fortune 1000 company already spends more than $400,000 notifying customers and employees of privacy failures each year, and that's only for the failures that are reported. Forty-five percent of internal privacy failures are caused by intentional but non-malicious employee actions.
"While spending on information security has dramatically increased over the last decade, companies are overlooking a bigger cause of breaches – employee behavior," said Brian Lee, Data Privacy practice leader, CEB. "Investing in technology to improve security is essential, however organizations also need to ensure that employees are doing their part to protect sensitive information."
"Employees will often work around controls – especially ones they feel are onerous – as a way to make their job easier," said Lee. "This 'rationalized noncompliance' can not only increase privacy risks, but even jeopardize corporate strategy and ultimately growth. Establishing a more balanced approach to information governance – one that complements technological controls with prudent and relevant privacy policies that employees can easily follow – will allow companies to effectively use the information they collect and protect against a damaging data breach."
More details available at https://www.cebglobal.com/home.html