Egress research: 95% of legal organisations have suffered insider data breaches

Global News

13
Jul
2021

Editor

Egress’ Insider Data Breach Survey 2021 has revealed that an overwhelming 95% of organisations in the legal sector have experienced insider data breaches in the last year.

Human error was the top cause of serious incidents, according to 89% of legal IT leaders surveyed. However, legal IT leaders are more concerned about malicious insiders, with 27% indicating that intentionally malicious behaviour is their biggest fear. 

Additionally, over three-quarters (78%) of firms have been breached because of employees breaking security rules, and 77% have been the victim of phishing attacks.

The survey, independently conducted by Arlington Research on behalf of Egress, surveyed 500 IT leaders and 3,000 employees in the US and UK across vertical sectors including financial services, healthcare and legal.

Key insights include: 

• 95% of legal organisations have experienced an insider data breach in the last 12 months
• Human error is the leading cause of serious insider data breaches, with 89% of organisations in legal experiencing a security incident caused by a mistake 
• However, malicious insiders are legal IT leaders’ biggest worry, with 27% indicating that it’s their top concern
• Over three-quarters (78%) of organisations have been breached because of employees breaking security rules, and 77% have suffered serious breaches caused by phishing 
• Half of legal IT leaders believe that remote/hybrid working will make it harder to prevent data breaches caused by human error 
• By contrast, 52% of employees believe they are less, or equally as likely, to cause a breach when working from home

The risks of hybrid working: a difference in opinion

The biggest driver for change in insider risk over the last year has been the adoption of long-term remote working due to the pandemic. Half of IT leaders in legal believe that remote work has driven an increase in data breaches caused by human error. Meanwhile, employees disagree, with 52% believing that remote work makes them less, or equally, as likely to cause a data breach. 

Egress CEO Tony Pepper comments: “Insider risk is every organisation’s most complex vulnerability – and it has far-reaching consequences, from ransomware attacks to loss of client trust. Organisations must act now to mitigate the risk posed by their people.

“The research highlights the importance of empowering employees – they want to protect their employer’s data, and it’s up to organisations to ensure that they’re building a security-positive culture. With the right technology and strategy in place, organisations can transform their people from their biggest security vulnerability into their strongest line of defence.”

Methodology

The Insider Breach Report 2021 was independently conducted by Arlington Research on behalf of Egress, surveyed 500 IT leaders and 3,000 employees in the US and UK across vertical sectors including financial services, healthcare and legal.