
Forget hackers, watch out for your employees

Organisations should fear their own employees more than hackers, a new report says, because employees expose the company to far more cybersecurity risk. This is according to a report by CEB, a best practice insight and technology company. Hackers might be a problem, but employees not complying with privacy policies and moving files outside the company-controlled network is a much bigger issue.

But employees are doing it all the time, mostly because they find it convenient. Every year, the average Fortune 1000 company spends roughly £325,000 notifying customers and employees about privacy failures. The worst part is that these are just the reported failures, the report says, suggesting that a significant number probably go unnoticed. Employee actions (intentional, but not malicious) account for almost half (45 per cent) of internal privacy failures.

“While spending on information security has dramatically increased over the last decade, companies are overlooking a bigger cause of breaches – employee behavior,” said Brian Lee, Data Privacy practice leader, CEB.

“Investing in technology to improve security is essential, however organisations also need to ensure that employees are doing their part to protect sensitive information.” “Employees will often work around controls – especially ones they feel are onerous – as a way to make their job easier,” said Lee. 

“This ‘rationalised noncompliance’ can not only increase privacy risks, but even jeopardise corporate strategy and ultimately growth. Establishing a more balanced approach to information governance – one that complements technological controls with prudent and relevant privacy policies that employees can easily follow – will allow companies to effectively use the information they collect and protect against a damaging data breach.”

CEB suggests organisations should avoid collecting unnecessary data and build privacy into business workflows, making it easier for employees to comply with the requirements.


Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.