Rogue employees are ‘biggest threat to information security’

by Ben Sullivan | 09 May 2014

But employees don't necessarily have to be malicious to put a company at risk.

'Rogue employees' continue to be the biggest threat to information security, according to 37% of IT professionals polled at Infosecurity Europe 2014.

The poll, conducted by BSI, a business standards company, investigated perceived threats to information security and how businesses are responding. It found that, despite taking measures to combat the risks, 37% of businesses still see employees as the biggest threat to information security, ranking the insider threat higher than cyber-attacks (19%) and bring your own device (BYOD) (15%).

"It's no surprise to see insider threats as the biggest risk to information security as employees will always be the one thing that cannot be controlled," said Suzanne Fribbins, Risk Management Expert at BSI.

"Employees don't necessarily have to be malicious to put a company at risk; they may just not understand the possible risks associated with their actions. Research has shown that effective staff training can halve the number of insider breaches, by ensuring employees understand the importance of information security and their role in protecting businesses' critical information."

In order to reduce the risk to their business, over half have implemented an internal information security policy, 47% have provided staff training and 63% are either certified (29%) or operating in compliance (34%) with ISO 27001, the international Information Security Management System Standard.

A further 23% indicated they were looking to certify in the immediate future.

However, confidence in security measures to protect against risks is relatively low, with under half stating they are confident in the measures their firm has taken. One in ten are not confident at all, yet, unsurprisingly, in organisations that are certified to ISO 27001 the levels of confidence in security measures rise to 78%.
