February 08, 2005

Most network security breaches are caused by insiders, rather than by hackers, viruses, or worms, according to a new study released by the think tank Ponemon Institute.

In the study, 69% of companies reported that their data security breaches were the result of either malicious employee activities or non-malicious employee error. The leading single cause of data security breaches was non-malicious employee error, at 39%. Only 16% of serious data leaks were linked to hackers or break-ins. Of the 163 companies surveyed, 75% reported that a serious security breach had occurred within the past year.

The survey also covered the most common types of data security breaches. Most data breaches involve the loss of confidential business information, followed closely by the loss of personal customer information. According to the survey:

  • 39% of data breaches involved confidential business information.
  • 27% of data breaches involved personal information about customers.
  • 14% of data breaches involved intellectual property, including software source code.
  • 10% of data breaches involved personal information about employees.

"The rise in identity theft and cyber crime has made data security a top-of-mind issue for many Americans as well as corporations," Larry Ponemon of the Ponemon Institute said in a statement. "Companies spend considerable resources to combat outsiders, and the data suggests they are successful. However, companies have begun to realize that to protect customer trust, company brand and competitive secrets, they must now focus on the threat within."