Hackers Not the Only Causes of Data Breaches


Zach Capers, CFE
ACFE Research Specialist

In the past year, the number of reported data breaches has increased by nearly 30 percent, according to a report from the Identity Theft Resource Center. While recent headline-grabbing events such as last month’s record-setting Home Depot data breach might lead one to speculate that the majority of these breaches are the result of malicious data thieves, research indicates that a greater number are caused by employee negligence and system malfunctions. According to the Ponemon Institute’s most recent Cost of a Data Breach analysis, hackers accounted for 42 percent of all data breaches, whereas employee negligence and system defects together accounted for 59 percent.

As employees are increasingly able to access and transmit company data between innumerable computing devices and various storage mediums, new avenues for data loss must be addressed. Unfortunately, business policies concerning emerging technological trends and other risks related to data security are often insufficient, outdated or simply ignored.

This predicament is exemplified at many organizations by the Bring Your Own Device (BYOD) movement of recent years. As the number of employees who depend on their personal devices to accomplish occupational tasks has increased, so too have the risks of potential data breaches resulting from these devices being unsecured, misused, or lost. Additionally, because the devices are owned by employees, the company has only limited control over how they are used. Consequently, the implementation of a formal and comprehensive BYOD policy is critical to alleviate increased data risks while also allowing organizations to realize the benefits of the BYOD craze. However, despite the pervasiveness of personal device use in the workplace, a recent TEKsystems report found that more than one-third of IT professionals surveyed reported a complete lack of communication regarding BYOD.

To address these and related concerns, the ACFE’s newest two-day seminar, Protecting Data and Intellectual Property, has been designed to provide a thorough understanding not only of BYOD, but also of other burgeoning data risks such as cloud computing, social media, social engineering and increasingly sophisticated corporate espionage techniques. Furthermore, the program provides anti-fraud professionals with a solid foundation concerning the key legal issues, prevention strategies and response plans critical to securing an organization’s data.

While high-profile hacker attacks understandably generate the most Internet clicks, sound data security policies and employee awareness can foster a more secure business environment that reduces opportunities for malicious data thieves.