GDPR drives down UK insider threat

The General Data Protection Regulation or GDPR for short has been in place for two months now and data already shows a declining trend in the insider threat in European Countries.

Unsure how to best protect your business against threats. Read our GDPR White Paper for the facts >>

There has been a drop of 8% in threats from within an organisation over the last year with only 65% of all incidents. According to a study commissioned by Clearswift the US have seen an increase of 8% making their total 80%.

According to the data US businesses are yet to wake up to the threat from employees with the most well prepared being countries in the EU such as Germany who have cut this threat by 5% to 75%

The survey across the UK, Germany and the US focused on the responses of 400 senior IT decision-makers who are in organisations with more than 1,000 employees.

Larger firms showed a lower number of insider threats with a threat level of 36% in businesses with more than 3,000 employees. This is most likely due to tighter security procedures.

13% of all cyber security breaches were from ex-employees, this proves that an improvement in current procedures when an employee leaves is necessary.

“Although there is a slight decrease in numbers in Europe, the results once again highlight the insider threat as being the chief source of cyber security incidents,” said Guy Bunker, senior vice-president products at Clearswift.

“The majority of incidents are still coming from within the business and its extended enterprise, far greater than the threat from external hackers. Businesses need to shift the focus inwards.”

“At the very least, said Bunker, the GDPR has ensured that firms have a better view of where critical data sits within their business and has highlighted to employees that data security is an issue of critical importance. This may be responsible for the drop in the insider threat across EU countries.”

“If a firm understands where the critical information within the business is held and how it is flowing in and out of the network, then it is best placed to manage and protect it from the multitude of threat vectors we are seeing today,” said Bunker.

The study showed that employers believe most (62%) of the cyber incidents caused internally are accidental rather than caused on purpose. Although internal threats cause the biggest risk it is down from 65% last year.

“Organisations need to have a process for tracking the flow of information in the business and have a clear view on who is accessing it and when,” said Bunker.

“Businesses also need to ensure that employees ‘buy into’ the idea that data security is now a critical issue for the business. Educating them on the value of data, on different forms of data, what is shareable and what is not, is crucial to a successful cyber security strategy.”

Bunker said technology can act as the first and last line of defence even though mistakes still occur.

“In particular, adaptive data loss prevention systems can automatically remove sensitive data and malicious content as it passes through a company network,” he said.

Ensure your business stays compliant with the latest legislation. Read our GDPR White Paper for the facts >>