Would you believe, employees are the biggest cause of data breaches

It would be interesting to gauge, statistically of course, the difference between the level of investment that goes into developing strategies, performing regular audits of procedures and investing in security systems aimed at reducing data management breaches coming from outside sources, and the level aimed at those which originate from within.

In other words, are we in the risk management and information security industry more inclined to place a potentially unnecessary emphasis on snuffing out cyber attacks and viruses from non-native sources than on mistakes made by ‘our own’?

The question may be construed as provocative, but its purpose is not to assail organisations – or for that matter staff – but to understand what the status quo is. We only ask because a new study done in collaboration with Symantec and the Ponemon Institute has revealed that in the US, “negligent insiders” have been found to be the top cause of data breaches. And some of these are deliberate, or malicious, to use a more accurate word.

So, the details: 39 per cent of organisations that took part in the study said data breaches are a result of carelessness; malicious or criminal attacks account for a third of all breaches; those who employ a chief information security officer (CISO) can reduce the cost of a data breach significantly; and, positively, fewer customers jump ship when such a breach occurs: they stay loyal.

With regard to employing a CISO as one of the key staff members of an organisation, we reckon this is something that will become a lot more prevalent in the foreseeable future. Just as many businesses already hire someone to look after finances full-time, CISOs will become part of the norm. This is the information age.

The report estimates that if an organisation appoints an expert and gives him responsibility for protecting data, the average cost of a data breach can be reduced by an astonishing $80 (approximately £50.7) per compromised record. Even hiring via contract – i.e. outsourcing – is highly cost-effective.

“One of the most interesting findings of the 2011 report was the correlation between an organisation having a CISO on its executive team and reduced costs of a data breach,” commented Dr Larry Ponemon, chairman and founder of the Ponemon Institute. “As organisations of all sizes battle an uptick in both internal and external threats, it makes sense that having the proper security leadership in place can help address these challenges.”

In the meantime, it is worthwhile up-skilling and educating staff about the importance of best practice, highlighting shortcomings that can lead to data breaches and advising them on how to be careful with the way they deal with data. After all, not every business has the luxury of being able to afford hiring a specialist.
