
The Threat Within: 3 Out Of 4 Companies Affected By Internal Information Security Incidents

November 16, 2015

According to a joint study conducted by Kaspersky Lab and B2B International, 73% of companies have been affected by internal information security incidents, and the largest single cause of confidential data losses is employees (42%)

According to a joint study¹ conducted by Kaspersky Lab and B2B International, 73% of companies have been affected by internal information security incidents, and the largest single cause of confidential data losses is employees (42%). The average damage caused by leaks in small and medium-sized businesses amounted to $80,000.

As a company’s IT infrastructure expands, so does the threat landscape. New components add new vulnerabilities. The situation is aggravated by the fact that not all employees – especially those with no specialist IT knowledge – can keep pace with a rapidly changing IT environment. As a result, the company is exposed to not only external threats but also internal threats that come from employees.

This was confirmed by a recent survey of businesses that found 21% of companies affected by internal threats lost valuable data that subsequently had an effect on their business.

It is worth mentioning that the study reported cases of accidental data leaks (28%) and intentional leaks of valuable company data (14%).

Average financial losses incurred by small and medium businesses as a result of data leaks amounted to $80,000 – $33,000 from accidental leaks and $47,000 from intentional leaks. The figures for enterprises were $1.29 million, $544,000 and $748,000 respectively.

In addition to data leaks, internal threats include the loss and theft of employees’ mobile devices. 19% of respondents confirmed that they lost a mobile device containing corporate data at least once a year.

Another important factor is that of staff fraud. 15% of those surveyed encountered situations when company resources, including finances, were used by employees for their own purposes. The percentage may be low, but the losses caused by these incidents exceeded the damage caused by confidential data leaks for enterprises. Small and medium businesses lose up to $40,000 on average from fraudulent activity by employees, while the figure for enterprises exceeds $1.3 million.

“It’s no secret that a security solution alone is not enough to protect a company’s data. And the results of this study confirm that,” comments Konstantin Voronkov, Head of Endpoint Product Management, Kaspersky Lab. “What’s required is an integrated multi-level approach powered by security intelligence and other supplementary measures. These measures may include the use of specialized solutions and the introduction of security policies, such as restricting access rights.”

Kaspersky Lab recommends that the issue of comprehensive security should not be neglected, as reliable multi-level protection can prevent a company from incurring additional costs not only from external but also internal security incidents. In particular, technology that protects against DDoS and phishing attacks, encryption, protection of mobile devices, virtual infrastructures and financial transactions all provide reliable targeted security for the individual nodes of a corporate IT infrastructure, and datacenters. And the implementation of various security policies together with specialist services such as incident investigations, independent evaluations of a company’s IT infrastructure and staff training will minimize the risk of threats.


¹ The information security of businesses - Kaspersky Lab and B2B International, 2015. Over 5,500 IT specialists were surveyed from more than 25 countries around the world.


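About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky continually transforms deep threat intelligence and security technology into innovative security solutions and services that protect businesses, critical infrastructure, governments and consumers around the world. The company offers a comprehensive security portfolio that includes leading endpoint protection and a range of specialized security solutions and services, as well as Cyber Immune solutions for countering sophisticated and evolving digital threats. More than 400 million users worldwide protect themselves with Kaspersky technologies, and we also help 200,000 corporate clients around the world protect what matters most. To learn more, visit www.kaspersky.com.cn.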
