Eighty per cent of CISOs believe their company's own employees and contractors are the greatest threat to company data, according to a new study conducted by security vendor NetWitness and audit and information security training company MIS Training Institute.

Conducted from 10th to 12th June at the sixth annual CISO Summit in Lisbon, Portugal, the survey of more than 60 information security professionals from across the world also found that just 18 per cent viewed external sources as the biggest threat to company data.

When asked how concerned about data breaches they were, 97 per cent of respondents said they were either “very concerned” or “concerned,” while just three per cent said they don't worry about their network "because it's secure," the survey found.

Meanwhile, based on respondents' answers, the survey showed that 59 per cent of sensitive data resides on Windows or Unix-based servers, 23 per cent on mainframes, eight per cent on end-user computers and another eight per cent with third parties. Eddie Schwartz, CSO of NetWitness, told SCMagazineUS.com on Monday that he thinks those stats are concerning because they illustrate that many companies store their most sensitive data in places not necessarily in direct control of data centre.

In a roundtable meeting where security pros gathered to discuss the survey findings, some talked about their inability to deploy the proper technologies to counter the threats of today, Schwartz said. Most agreed that due to competing demand from compliance and budget constraints, it was difficult to obtain the needed technology to face attacks at the application layer.

One attendee said organisations should get better visibility to monitor computers on their network and look for signs of communication with outside entities - and then stop that communication. Schwartz said that tactic is not necessarily easy, but it's a reasonably good defensive measure.

Protecting data from both internal and external threats, as well as meeting compliance demands and dealing with cost restrictions, are major concerns of customers, Doug Howard, chief strategy officer at security vendor Perimeter eSecurity, told SCMagazineUS.com on Tuesday.

“It's not an internal versus external problem, it's about protecting your core data and putting a layered approach,” Howard said.