Logblog: Survey: Most insider-related data breaches go unreported

« PCI Standard Gets Teeth | Main | Big Fish Swallows Small Fish »

Survey: Most insider-related data breaches go unreported

A survey today from the Ponemon Institute says that most insider-related data breaches goes unreported:

"We found that many of the respondents in our study found that it was difficult, if not impossible, to identify all data breaches that exist -- and over 79% of the respondents said one, if not more, insider-related security breaches at their companies go unreported," said Larry Ponemon, chairman of Ponemon Institute. "Because it's insider-related normally, involving a careless or negligent employee [and] not an evil employee, maybe they are more likely to go unreported because people know each other, and maybe because people know each other, they say it was a mistake and maybe in the future they'll fix it."

This really makes the case for automation and real-time reporting and analytics on IT controls. The survey goes on to flag some other interesting points, notably that:

The respondents said they devote a considerable amount of their efforts to trying to prevent or control insider threats as part of their company's IT security risk management program. Approximately 10% said they spend more than half of their time on insider-related risks, and about 55% of respondents said they spend more than 30% of their time dealing with those issues, according to the survey.

Next generation Log Management and Intelligence solutions specifically reduce the human resource requirement in protecting information assets. According to The Ponemon Institute, "...the National Survey on Managing the Insider Threats calculated the average annual cost of insider data breaches at $3.4 million, and found that spending on technologies and programs aimed at addressing the insider threat seemed insufficient."

Source: Survey: Most insider-related data breaches go unreported

Posted September 12, 2006 in LogMatters , Security | Permalink