Employee error is one of the main causes of internal IT security incidents which lead to the leakage of confidential corporate data, according to the findings of the Global Corporate IT Security Risks 2013 survey conducted by B2B International in collaboration with Kaspersky Lab in 2013.
Although vulnerabilities in software used by company staff in their daily duties is one of the top reasons behind internal IT security incidents (with 35% of companies in South Africa reporting this issue), the volume of different types of incidents taking place due to staff errors is equally high.
Four out of five types of internal IT security incidents that took place at companies were closely related to erroneous employee actions.
Approximately 24% of respondents locally reported leaks that took place as a result of employee mistakes.
A slightly higher number of companies – 36% – reported incidents involving the loss or theft of mobile devices at the fault of an employee. Intentional leaks were committed by employees at 14% of the companies participating in the survey. Incidents were caused by incorrect use of mobile devices (via mobile email clients or text messaging) at 20% of the companies surveyed.
At the same time, an average of 10% of respondents locally reported that employee actions were the cause of leakages of critically confidential information pertaining to company operations. Most often, leakages of critically sensitive data occurred when employees were at fault over the loss or theft of mobile devices – 12% of respondents reported these types of incidents in 2013.