VB Staff 
We look forward to presenting Transform 2022 in person again on July 19th and virtually from July 20th to 28th. Join us for insightful conversations and exciting networking opportunities. Register today!
According to a new survey by the Ponemon Institute, sponsored by email security company Tessian, three out of five companies have experienced data loss or exfiltration in the last 12 months caused by an email employee error. The survey of 614 IT security professionals around the world also found that email is the most risky channel for data loss in organizations, according to 65% of security professionals.
The survey found that employee negligence (due to non-compliance with policies) is the leading cause of data loss incidents, while over a quarter (27%) of incidents come from malicious insiders. The intentional data theft is also taking its toll on IT teams, as the data revealed it took security and risk management teams up to three days to detect and remediate a data loss incident caused by a malicious insider via email.
The most common types of confidential and sensitive information lost or intentionally stolen include: customer information (61%); intellectual property (56%); and consumer information (47%). User-generated data (sensitive email content, text files, M&A documents), regulated data (credit card details, social security numbers, national ID numbers, employee details), and intellectual property have emerged as the three most difficult types of data to protect from data loss.
Businesses can’t protect what they can’t see, and lack of visibility into sensitive data that employees transfer from the network to their personal email was cited as the most common barrier (54%) to preventing data loss. Additionally, the majority of organizations (73%) are concerned that employees do not understand the sensitivity or confidentiality of data they share via email.
Despite these risks, organizations do not have adequate training. While 61% have received security awareness training, only about half of IT security leaders say their programs adequately address the sensitivity and confidentiality of data employees can access via email.
According to Josh Yavor, Tessian’s CISO, security awareness training that deals directly with common types of data loss and a security culture that builds trust among employees will ultimately help limit the amount of data flowing out of an organization.
Read the full report from Tessian and the Ponemon Institute.
VentureBeat’s mission is intended to be a digital marketplace for technical decision makers to acquire knowledge about transformative enterprise technology and to conduct transactions. Learn more about membership.
