Finance and HR: biggest data security risk according to new study

Nearly 90 percent of companies questioned had experienced a security incident in the last year
Nearly 90 percent of companies questioned had experienced a security incident in the last year

New research conducted by Clearswift shows that finance and HR departments, along with the people working in them, represent the biggest information security threat to business. Views from over 500 data security specialists were collected in the UK, US, Germany and Australia.

According to the surveyed global data security professionals, nearly half, 48 percent, said finance departments presented a security threat to their organisation and 42 percent said the same of HR (40 percent and 48 percent respectively for UK respondents).

These departments have access to very sensitive data. Legal and compliance, which have access to equally sensitive information, were considered to be a much lower risk (16 percent). Mid-career professionals were a higher risk at 37 percent compared to 19 percent for senior management and 12 percent for executives/admins.

An overwhelming 79 percent of respondents said men were more of a concern than women. “This perhaps suggests that women are perceived as more cautious, however it could also imply that men are perceived to be more likely to be involved with handling sensitive data,” says Heath Davies, chief executive at Clearswift.

Those working on site were more of a risk than those working remotely, said 67 percent of respondents. Davies notes that people in the office have easier access to sensitive data, and in turn are more likely to lose it.

Data breaches are most likely to come from inside the company. Nearly 90 percent of companies questioned had experienced a security incident in the last year, and 73 percent came from people they knew such as employees, past employees or customers/suppliers.

An estimated 53 percent of the workforce may cause and accidental security breach, whilst five percent are viewed as potentially causing a malicious one.

Davies concludes, “By pairing detailed knowledge and understanding with adaptive security technology, you can create a win-win security game-plan to help you combat insider threats: locking down your sensitive data while keeping business moving.”