The introduction of GDPR has led to a drop in insider cyber threats, new research has suggested.
Security company Clearswift found that the percentage of insider cyber incidents as a proportion of all incidents reported, dropped across the UK, making up 65 per cent, compared to 73 per cent last year.
Germany has had similar results – from 80 per cent last year, to 75 per cent this year.
Direct threats from an employee now represent 38 per cent of all incidents. Threats from ex employees make up 13 per cent of all incidents.
“Although there’s a slight decrease in numbers in the EMEA region, the results once again highlight the insider threat as being the chief source of cyber security incidents. Three quarters of incidents are still coming from within the business and its extended enterprise, far greater than the threat from external hackers. Businesses need to shift the focus inwards”, said Dr Guy Bunker, SVP Products at Clearswift.
Employees believe almost two thirds of all incidents (62 per cent) are not done on purpose.
“I think at the very least what GDPR has done is ensure firms have a better view of where critical data sits within their business and highlighted to employees that data security is an issue that is now of critical importance, which may be why we’ve seen a drop in the insider threat across EU countries. If a firm understands where the critical information within the business is held and how it is flowing in and out of the network, then it is best placed to manage and protect it from the multitude of threat vectors we’re seeing today.”
Image source: Shutterstock/alexskopje