Most organizations unprepared for data theft by employees

Register now

As organizations spend billions of dollars a year trying to protect their data from hacking, they face another threat closer to home—data theft by their own employees.

That’s one of the findings in a survey published by management consultant Accenture and HfS Research on Monday.

Of 208 organizations surveyed, 69 percent “experienced an attempted or realized data theft or corruption by corporate insiders” over the past 12 months, the survey found, compared with 57 percent that experienced similar risks from external sources. Media and technology firms, and enterprises in the Asia-Pacific region reported the highest rates—77 percent and 80 percent, respectively.

“Everyone’s always known that part of designing security starts with thinking that your employees could be a risk, but I don’t think anyone could have said it was quite that high,” said Omar Abbosh, Accenture chief strategy officer.

Each year, businesses and organizations spend an estimated $84 billion to defend against data theft that costs them about $2 trillion, and that damage could rise to $90 trillion a year by 2030 if current trends continue, Abbosh predicted.

He recommended that organizations change their approach to cybersecurity by cooperating with competitors to develop joint strategies to outwit increasingly sophisticated cyber-criminals.

“There’s a huge business rationale to share and collaborate,” Abbosh said. “If one bank is fundamentally breached in a way that collapses its trust with its customer base, I could be happy and say they’re all going to come to me, but that’s a false comfort (because) it pollutes the whole sphere of customers, because it makes everyone fearful.”

Despite recent high-profile data breaches of Sony Corp., Target Corp. and the U.S. Office of Personnel Management, many organizations do not yet consider cybersecurity a top priority, Accenture found. Some 70 percent of the survey’s respondents said they lacked adequate funding for technology, training or personnel needed to maintain their company’s cybersecurity, while 36 percent said their management considers cybersecurity “an unnecessary cost.”

For reprint and licensing requests for this article, click here.