Report: 60% of organizations have experienced data loss due to employee mistakes



Three in five organizations have experienced data loss or exfiltration in the past 12 months as a result of an employee’s email error, according to a new survey from the Ponemon Institute sponsored by email security company Tessian. The survey of 614 IT security professionals worldwide also found that email was the riskiest channel for data loss in organizations, according to 65% of security professionals.

The survey found that employee negligence (due to policy failure) is the leading cause of data loss incidents, with more than a quarter (27%) of incidents coming from malicious insiders. Deliberate data theft also puts pressure on IT teams, as the data showed that it can take security and risk management teams up to three days to detect and remediate a data loss incident caused by a malicious insider on email.

The most common types of confidential and sensitive information that are lost or intentionally stolen are: customer information (61%); intellectual property (56%); and consumer information (47%). User-created data (sensitive email content, text files, merger and acquisition documents), regulated data (credit card data, social security numbers, national ID numbers, employee data) and intellectual property emerged as the three types of data most difficult to protect from data loss.

Organizations can’t protect what they can’t see, and a lack of visibility into sensitive data that employees transfer from the network to personal email was cited as the most common barrier (54%) to preventing data loss. Furthermore, the majority of organizations (73%) are concerned that employees do not understand the sensitivity or confidentiality of data they share via email.

Despite these risks, organizations do not have adequate training. While 61% have received security awareness training, only about half of IT security leaders say their programs address the sensitivity and confidentiality of the data employees access via email.

According to Josh Yavor, CISO of Tessian, security awareness training that directly addresses common types of data loss and a security culture that instills trust among employees will ultimately help limit the amount of data flowing out of an organization.

Read the full report by Tessian and the Ponemon Institute.

VentureBeat's mission is to be a digital city square for technical decision makers to gain knowledge about transformative business technology and transactions.