Hackers not responsible for corporate data loss

Study shows outside hackers responsible for one per cent of attacks.

A new survey of IT professionals has shown how external hackers have very little responsibility for corporate data leaks.

The survey found that data breaches within companies were caused by inside staff in 75 per cent of cases, compared to just one per cent by outside hackers. Overall 79 per cent of US companies suffered at least one data breach last year.

"Enterprises must recognise that simply trusting employees will inevitably prove detrimental to their security, their risk postures and their business interests," wrote Perry Carpenter, research director at Gartner.

"A mixture of tried-and-true security practices, security awareness, and low and high-tech toolsets will provide the most effective and comprehensive defense against the insider threat."

Overall 41 per cent of breaches occurred on mainframes, which raised serious concerns since 80 per cent of the world’s data is stored on such systems.

The survey interviewed 3,596 IT professionals in the US, UK, France and Germany with an average of nearly nine years of experience.

Overall the US led in the incidence of data breaches, with France second at 63 per cent and the UK third at 55 per cent. Only 39 per cent of German companies only suffered breaches last year.

In the UK hacking was slightly more prevalent, accounting for three per cent of breaches, compared to 37 per cent by malicious insiders, and 63 per cent by negligent insiders. Interestingly 25 per cent came from outsourcing suppliers.

There was also a distinct lack of accountability in breaches within companies. Over half of those questioned said that no one person was held to account over breaches, with the chief information officer taking the blame in just 25 per cent of cases.