Egress’ Insider Data Breach Survey 2021 has revealed that an overwhelming 96% of financial services organisations have experienced insider data breaches in the last year. Human error was the top cause of serious incidents, according to 88% of IT leaders surveyed. However, IT leaders are more concerned about malicious insiders, with 38% indicating that employees falling for a phishing attack is their biggest fear. 

Additionally, 80% of organisations have been breached because of employees breaking security rules, and 79% have been the victim of phishing attacks.

The survey, independently conducted by Arlington Research on behalf of Egress, surveyed 500 IT leaders and 3,000 employees in the US and UK across vertical sectors including financial services, healthcare and legal.

The research also highlights the impact of the pandemic on security for financial services firms. With employees working at arms length from security teams, organisations are seeing an increase in data breach incidents. Almost seven in ten (69%) IT leaders in financial services said that they’ve seen an increase in incidents caused by human error during the pandemic, such as employees sending emails to the wrong person by mistake. When asked if they think that remote and hybrid working will make it harder to prevent breaches caused by human error, 63% agreed that they will be more difficult to prevent.

Furthermore, 65% of IT leaders say that the number of employees falling for phishing attacks has increased during the pandemic, indicating a need for additional security technology and employee training.

Concerningly, due to the pandemic IT leaders in financial services are also seeing an increase in incidents caused by employees intentionally not following security procedures, with 65% indicating that they’ve seen an increase in incidents caused by employees not following security measures. With many organisations considering their plans for a hybrid or remote future, security teams will be considering the best way to manage this increased risk moving forward.

Egress CEO Tony Pepper comments: “Insider risk is every organisation’s most complex vulnerability – and it has far-reaching consequences, from ransomware attacks to loss of client trust. Organisations must act now to mitigate the risk posed by their people.

“The research highlights the importance of empowering employees – they want to protect their employer’s data, and it’s up to organisations to ensure that they’re building a security-positive culture. With the right technology and strategy in place, organisations can transform their people from their biggest security vulnerability into their strongest line of defence.”