Nearly one in four employees think they may have put highly sensitive data at risk in the past 12 months

Western Digital has released data (LINK) exploring the attitudes and behaviours of over 2,000 employees (data users) and employers (data managers) around highly sensitive data in Europe and the Middle East. Research found that 68 percent of data managers believe employee behaviour is a bigger threat to their highly sensitive data than external hackers, and that one in four data security incidents is estimated to have originated with employees.

  • 2 years ago Posted in

In summer 2021, Western Digital conducted a research among 737 data managers and 1467 data users across the UK, Italy, France, Germany, Spain, Saudi Arabia and the UAE. Respondents work in media and entertainment, the public sector, legal professional services, healthcare and financial services, and in business ranging in size from small (10-99 employees) to enterprise (5000+ employees).

Data uses are aware of the risks. In fact, 22 percent of data users surveyed think they have put highly sensitive data at risk in the past 12 months (either knowingly or accidentally). This is further confirmed by just under two thirds (62 percent) of managers stating that they have seen security threats and incidents increase over the same time period.

 

However, many data users continue to fall into the trap of using poor security practices, especially when it comes to data sharing and storage. More than half (55 percent) of data users have access to data they think they probably shouldn’t, this is worrying as 98 percent of data mangers think data security could be improved in how they store and transmit highly sensitive data.

 

Risky security practices

 

Remote and hybrid working styles have become the new norm with 89 percent of data users claiming that they work on collaborative projects that require data sharing. But, these collaborative and remote ways of working have introduced additional challenges and exposed some major risks. The top five risks cited by data managers are just the tip of the iceberg. Over two thirds (69 percent) of data users said that they share physical hard disks (HDDs) and solid-state drives (SSDs) with colleagues at work in order to share data. While, 26 percent of data users admitted to sharing their work devices with family and friends, and 27 percent admitted to taking sensitive data with them when they left an organisation.

 

Sharing data

 

There remains a clear gap in employee behaviour between the data sharing method used and their assumption of what the most secure way to share sensitive data is. The most common methods for sharing or transmitting highly sensitive data by employees were email (47 percent) and cloud or online file sharing (45 percent), ahead of HDD / SSD (31 percent) and USB drives (25 percent). These figures suggest ease of use and familiarity are key factors in the decision-making process for data users when it comes to how to share sensitive data.

 

However, 88 percent of data managers still want more control over how data is stored and shared. Coupled with the belief that data security needs immediate improvement, more than half of data managers (54%) intend to increase their use of HDDs and SSDs over the next two years, due to the encryption and security features these technologies can offer.

 

Some features that organisations believe are very important when it comes to using physical drives for highly sensitive data include: 

 

Consistent performance and reliability (66 percent)

Encryption (60 percent)

Enhanced control / being able to protect data remotely if the drive is lost or stolen (55 percent)

Large capacity (55 percent)

Improved authentication (50 percent)

 

Ultimately, 76 percent of data managers say HDDs or SSDs with encryption or security features address many of the concerns companies may have had about using physical drives for sorting and sharing sensitive data.

 

Ruben Dennenwaldt, Senior Product Marketing Manager EMEA at Western Digital concluded: "In today’s business environment, increased security risks, employee behaviour and the sheer volume of data produced, can make it difficult for organisations to stay on top of security and storage challenges. As technology advances, employees and employers are looking for ways to store and share sensitive data more securely. The combination of the right infrastructure, integrated with encryption platforms, to store and share sensitive data, and the education of employees of the threats they may be exposing their organisation to will go a long way to improving the threat landscape and reducing risk."

 

Regional stats

Italy

Only 9 per cent of Italian data users think they’ve put highly sensitive data at risk in the last 12 months

63 per cent of Italian data managers have seen data security threats and incidents increase in the last 12 months

69 per cent of Italian data managers agree that employee behaviour is a bigger threat to highly sensitive data than external hackers

Italian data managers estimate that just under a quarter (24 per cent) of security incidents originate from employees

The most common methods for sharing or transmitting highly sensitive data by Italian employees were cloud or online file sharing (51 per cent) and email (45 per cent), ahead of HDD / SSD (30 per cent) and USB drives (22 per cent)

 

France

Over a quarter (26 per cent) of data users in France think they’ve put highly sensitive data at risk in the last 12 months

61 per cent of French data managers have seen data security threats and incidents increase in the last 12 months

69 per cent of French data managers agree that employee behaviour is a bigger threat to highly sensitive data than external hackers

French data managers estimate that just under a quarter (24 per cent) of security incidents originate from employees

The most common methods for sharing or transmitting highly sensitive data by French employees were email (47 per cent) and cloud or online file sharing (36 per cent), ahead of USB drives (24 per cent) and HDD / SSD (23 per cent)

 

 

 

Germany

22 per cent of German data users think they’ve put highly sensitive data at risk in the last 12 months

54 per cent of German data managers have seen data security threats and incidents increase in the last 12 months

55 per cent of German data managers agree that employee behaviour is a bigger threat to highly sensitive data than external hackers

German data managers estimate that just under a third (30 per cent) of security incidents originate from employees

The most common methods for sharing or transmitting highly sensitive data by German employees were email (48 per cent) and cloud or online file sharing (46 per cent), ahead of post (24 percent) and USB drives (23 per cent). HDD / SSD were ranked the lowest in Germany at 19 percent

 

Spain

18 per cent of Spanish data users think they’ve put highly sensitive data at risk in the last 12 months

68 per cent of Spanish data managers have seen data security threats and incidents increase in the last 12 months

60 per cent of Spanish data managers agree that employee behaviour is a bigger threat to highly sensitive data than external hackers

Spanish data managers estimate that a quarter (25 per cent) of security incidents originate from employees The most common methods for sharing or transmitting highly sensitive data by Spanish employees were cloud or online file sharing (49 per cent) and email (36 per cent), ahead of HDD / SSD (34 per cent) and USB drives (26 per cent)

 

Saudi Arabia

Over a quarter (26 per cent) of data users in Saudi Arabia think they’ve put highly sensitive data at risk in the last 12 months

52 per cent of data managers in Saudi Arabia have seen data security threats and incidents increase in the last 12 months

78 per cent of data managers from Saudi Arabia agree that employee behaviour is a bigger threat to highly sensitive data than external hackers

Saudi Arabian data managers estimate that just over a quarter (27 per cent) of security incidents originate from employees The most common methods for sharing or transmitting highly sensitive data by employees in Saudi Arabia were email (48 per cent), cloud or online file sharing (41 per cent), and HDD / SSD (41 per cent), ahead of USB drives (21 per cent)

 

UAE

Over a third (37 per cent) of data users in the UAE think they’ve put highly sensitive data at risk in the last 12 months

69 per cent of data managers in the UAE have seen data security threats and incidents increase in the last 12 months

76 per cent of data managers from the UAE agree that employee behaviour is a bigger threat to highly sensitive data than external hackers

Data managers from the UAE estimate that over a third (36 per cent) of security incidents originate from employees The most common methods for sharing or transmitting highly sensitive data by employees in the UAE were email (50 per cent) and cloud or online file sharing (39 per cent), ahead of HDD / SSD (28 per cent) and USB drives (24 per cent)

Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Cloud-native organisations to gain full understanding over every identity in the cloud, secured...
MSSPs identify regulatory compliance as additional factor as organisations seek to shift...
Orange Business (Norway), a global leader in digital services, has selected ARMO’s advanced...
Gigamon and Exclusive Networks have expanded their existing distribution partnership, broadening...
Trustwave and Cybereason have announced a definitive merger agreement offering a comprehensive and...
FortiDLP’s unified approach to data protection enables enterprise organizations to anticipate and...