TMCnet News

New Research Reveals Finance and Human Resource Departments Believed to Pose Biggest Security Risk to Organizations
[September 03, 2015]

New Research Reveals Finance and Human Resource Departments Believed to Pose Biggest Security Risk to Organizations


Clearswift (News - Alert), a global cybersecurity innovator and data loss prevention provider, today disclosed new research that demonstrates Finance and Human Resources (HR) departments are thought to represent the biggest information security threat to organizations with nearly half of respondents (46 percent) indicating that finance departments posed a security threat to their organization and 39 percent said the same of HR. This data was drawn from research conducted by technology research firm Loudhouse on behalf of Clearswift. Loudhouse polled over 500 information technology decision makers and 4000 employees to determine that male, office-based middle managers in the finance department are viewed as most likely to present an internal security threat, accidental or malicious, by their employers.

"Senior managers are generally in tune with the consequences of data loss, while junior people often don't have access to the kind of data that can cause disasters," said Heath Davies, chief executive officer, Clearswift. "Middle aged, middle managers are in between - having access to the data, but no obvious stake in the consequences of losing it. They are also more likely to be under time and financial pressure, and so may be more inclined to take risks. This makes them more likely to make mistakes or even succumb to foul play."

These concerns relate to the potential for mistakes made by employees within Finance and HR, such as accidently sending personal (salaries, social security numbers, bank accounts, etc.) or proprietary (contracts, customer details, etc.) information to the wrong person(s), as well as inadvertently installing malware similar to those behind countless headline-making data breaches, including last year's eBay (News - Alert) attack which exposed millions of customer passwords. This perceived risk could be because these departments have accss to very sensitive data. However, the results suggest cultural factors also make people in these departments a higher risk since Legal and Compliance, which have access to equally sensitive data, were considered a much lower risk (only 19 percent of respondents expressed security concerns).



Supporting Statistics:

  • 33 percent of respondents believe middle management presents the biggest security threat (compared to 19 percent for senior management and 16 percent for executives)
  • 49 percent of respondents believe that permanent employees are more likely to cause a breach
  • 79 percent of respondents believe that male employees are more likely to cause a breach than female
  • 69 percent of respondents believe office-based employees are most likely to cause a breach than those working remotely
  • 28 percent of respondents indicated that those aged 35-44 were most likely to be behind malicious data theft
  • 88 percent of companies questioned had experienced a security incident in the last 12 months, of which 73 percent were from people they knew: employees, past employees or customers/suppliers
  • U.S. security professionals estimated 54 percent of the workforce is in a position where they might cause an accidental security breach, while 5 percent are seen as having the potential to cause a malicious one

"Despite all the security worries about people working out of the office on whatever devices they want, those in the office actually have easier access to sensitive data, so are more likely to lose it," explains Davies. "We're not proposing targeting individuals, but if you can understand the combination of factors that make certain people in certain roles more of a risk, you can focus your resources on ensuring those breaches don't happen. For example, you could provide tailored security training or put in more sophisticated layers of security around particular segments of the business. Cybersecurity is a constant balancing act between maintaining security and the freedom to collaborate. We live in a complex, changing world and threats will be different in different parts of the organization. With detailed understanding of the true nature of the threats from inside their own organizations, and adaptive security technology, companies are in a much better position to identify the challenges and deploy the right solutions in the right places."


About Clearswift

Clearswift is trusted by organizations globally to protect their critical information, giving them the freedom to securely collaborate and drive business growth. Our unique technology supports a straightforward andĀ adaptive data loss prevention solution, avoiding the risk of business interruption and enabling organizations to have 100 percent visibility of their critical information 100 percent of the time. For more information on Clearswift, visit http://www.clearswift.com/.


[ Back To TMCnet.com's Homepage ]