Spending on security set to grow, but pesky humans still main reason for data losses in organisations
Human error is still the leading cause of data losses for businesses in the UK, according to a new report, despite Gartner predicting a 4.7 percent increase in worldwide spending on information security in 2015.
Databarracks’ recent Data Health Check report surveyed over 400 IT decision makers. Besides finding that humans are still the biggest security weak link, it advised firms that adopting a big business ethos can significantly reduce avoidable data losses.
The survey found that 24 percent of organisations admitted that a data loss was the result of an employee accident in the last 12 months.
Other high-scoring causes of data loss included hardware failure (21 percent) and data corruption (19 percent).
“Human error has consistently been the biggest area of concern for organisations when it comes to data loss,” said Oscar Arean, technical operations manager at Databarracks. “People will always be your weakest link, but having said that, there is a lot that businesses could be doing to prevent it, so we’d expect this figure to be lower.
“The results weren’t consistent across all organisations though. When we broke them down by business size, we saw that for the second year in a row, it was actually hardware failure which contributed the most towards data loss across large organisations at 31 percent (up from 29 percent in 2014).
“This isn’t surprising as the majority of large organisations will have more stringent user policies in place to limit the amount of damage individuals can cause,” said Arean. “Secondly, due to the complexity of their infrastructure, and the cost of maintaining it, large organisations may find it more difficult to refresh their hardware as often as smaller organisations, so it’s inevitable at some point it will just give out.”
But SMEs can actually minimise their data loss risks from human error if they adopt some of the practices used by big businesses.
“The figures we’re seeing this year for data loss due to human error are too high (16 percent of small businesses and 31 percent of medium businesses), especially considering how avoidable it is with proper management,” said Arean. “I think a lot of SMEs fall into the trap of thinking their teams aren’t big enough to warrant proper data security and management policies, but we would disagree with that.
“In large organisations, managers can lock down user permissions to limit the access they have to certain data or the actions they’re able to take – this limits the amount of damage they’re able to cause. In smaller organisations, there isn’t always the available resource to do this and often users are accountable for far more within their roles. That is absolutely fine, but there needs to be processes in place to manage the risks that come with that responsibility.
“Of course small organisations don’t need an extensive policy on the same scale that a large enterprise would, but their employees need to be properly educated on best practice for handling data and the consequences of their actions on the business as a whole. There should be clear guidelines for them to follow.”
Human error has consistently been one of the biggest factors in data losses over the years.
Last year for example, a Freedom of Information (FoI) request revealed that human error was the reason for an increase in data breaches reported to the Information Commissioner’s Office (ICO). This was despite awareness of the need for appropriate education and processes to prevent such incidents.
Gartner said that worldwide information security spending is forecast to grow 4.7 percent to reach an impressive $75.4bn (£50bn) in 2015. It seems that government initiatives are driving this spending increase, as more legislation and high-profile data breaches act as principal growth drivers.
According to Gartner, security testing, IT outsourcing, and identity and access management will offer the biggest growth opportunities for technology providers.
“Interest in security technologies is increasingly driven by elements of digital business, particularly cloud, mobile computing and now also the Internet of Things, as well as by the sophisticated and high-impact nature of advanced targeted attacks,” said Elizabeth Kim, research analyst at Gartner.
This focus is apparently driving investment in emerging offerings, such as endpoint detection and remediation tools, threat intelligence and cloud security tools, such as encryption. But Kim warned that strength in these emerging segments cannot compensate for the downgrade of the larger mature segments being commoditised.
Gartner also warned that price increases will drive organisations to forgo security purchasing in 2015, especially in Europe. This is because most security offerings hail from the United States, and the strengthening of the US dollar “will trigger significant price changes in the conversion from local currencies to US dollars.”
It said that pricing went up as much as 20 percent for most security products in the European region, for example.