Careless employees cause 80% of Australian data losses: report

Proofpoint has released its inaugural Data Loss Landscape report, which explores how current approaches to data loss prevention (DLP) and insider threats are holding up against current macro challenges such as data proliferation, sophisticated threat actors and generative artificial intelligence (GenAI). The findings reveal that data loss is a problem stemming from the interaction between humans and machines — ‘careless users’ are much more likely to cause those incidents than compromised or misconfigured systems.

While organisations are investing in DLP solutions, Proofpoint’s report shows that those investments are often inadequate, with 80% of surveyed organisations in Australia experiencing data loss in the past year. More than 90% of those affected faced a negative outcome such as business disruption and revenue loss (reported by more than 54% of affected organisations) or reputational damage (46%). Yet, surprisingly, data from Proofpoint’s Information Protection platform reveals that on a global level, only 1% of users are responsible for 88% of alerts.

“This research illuminates the most critical aspect of the data loss problem: its human causes,” said Ryan Kalember, Chief Strategy Officer, Proofpoint. “Careless, compromised and malicious users are, and will continue to be, responsible for the vast majority of incidents, all while GenAI tools are absorbing common tasks — and gaining access to confidential data in the process. Organisations need to rethink their DLP strategies to address the underlying cause of data loss — people’s actions — so they can detect, investigate and respond to threats across all channels their employees are using including cloud, endpoint, email and web.”

The consequences of malicious actions can be costly. 34% of Australian respondents said malicious insiders such as employees or contractors were behind data loss incidents, while departing employees were identified as one of the riskiest user categories. Malicious actions and departing employees who seek to harm the organisation can have even greater implications than careless insiders because these individuals are motivated by personal gains.

“The average cost of a data breach in Australia is now $4 million, which has increased by 32% in the last five years,” said Jennifer Cheng, Director, Cybersecurity Strategy, Asia Pacific and Japan, Proofpoint. Despite the Australian Government’s plan to invest $586.9 million to support organisations as part of their new cybersecurity strategy, it is clear more needs to be done at an individual level to prevent data loss.”

The 2024 Data Loss Landscape report examines third-party survey responses from 600 security professionals at organisations with 1000 or more employees across 17 industries from 12 countries. These insights were supplemented with data from Proofpoint’s Information Protection platform and Tessian, which Proofpoint acquired last October, to convey the scale of the data loss and insider threats that organisations face.

Key Australian findings include:

• Data loss is a widespread yet preventable problem: Organisations experienced the equivalent of more than one incident per month (a mean of 19 data loss incidents per Australian organisation in the past year), and 66% of respondents said the main cause was careless users. Carelessness includes misdirecting emails, visiting phishing sites, installing unauthorised software and emailing sensitive data to a personal account. These are all preventable behaviours that could be mitigated with practices such as implementing DLP policy rules for email, web uploads, cloud file synching and other common data exfiltration methods.
• Privileged users are the riskiest: 70% of Australian respondents identified employees with access to sensitive data, such as HR and finance professionals, as representing the greatest risk of data loss. Additionally, Proofpoint data shows that globally, 1% of users are responsible for 88% of data loss events. These findings indicate that organisations must prioritise best practices such as using data classification to identify and protect business-critical data and the ‘crown jewels’, as well as monitoring people with access to sensitive data or admin privileges.
• Departing employees were identified as one of the riskiest user categories: Departing employees do not always think they are acting maliciously — some simply feel entitled to leave with information they have produced. Global Proofpoint data shows that 87% of anomalous file exfiltration among cloud tenants over a nine-month period was caused by departing employees, underscoring the need for preventive strategies such as implementing a security review process for this user category.
• Organisations’ data loss prevention programs are maturing: While many programs were initially implemented in response to legal regulations, 63% of survey participants in Australia cited protection of customer and employee privacy as the primary driver. Protecting intellectual property (47%) and meeting internal compliance standards (43%) were the second and third drivers for establishing a DLP program.
   

Globally, generative AI is the fastest growing area of concern: tools such as ChatGPT, Grammarly, Bing Chat and Google Gemini are increasing in power and utility, and more users are inputting sensitive data into these applications. Browsing GenAI sites has become one of the top five DLP and insider threat alert rules configured by organisations using Proofpoint’s Information Protection platform.

“Emerging channels underscore the importance of regularly reviewing DLP programs, as these types of rapid developments change user behaviours,” Kalember said. “Strategies such as implementing purpose-built DLP platforms can help advance security programs by enabling security teams to gain full user and data visibility into all incidents and address the full spectrum of human-centric data loss scenarios. Humans are a critical data security variable — and data loss prevention programs must recognise this.”

Image credit: iStock.com/Chainarong Prasertthai