Jerusalem - As businesses spend billions of dollars a year trying to protect their data from hacking that’s costing trillions, they face another threat closer to home: data theft by their own employees.
That’s one of the findings in a survey to be published by management consultant Accenture Plc and HfS Research on Monday.
Of 208 organizations surveyed, 69% “experienced an attempted or realised data theft or corruption by corporate insiders” over the past 12 months, the survey found, compared to 57% that experienced similar risks from external sources.
Media and technology firms, and enterprises in the Asia-Pacific region reported the highest rates - 77% and 80%, respectively.
“Everyone’s always known that part of designing security starts with thinking that your employees could be a risk but I don’t think anyone could have said it was quite that high,” Omar Abbosh, Accenture chief strategy officer, said in an interview in Tel Aviv, where he announced Accenture’s purchase of Maglan Information Defense & Intelligence Group, an Israeli security company.
Each year, businesses currently spend an estimated $84bn to defend against data theft that costs them about $2 trillion - damage that could rise to $90 trillion a year by 2030 if current trends continue, Abbosh forecast.
He recommended that corporations change their approach to cybersecurity by cooperating with competitors to develop joint strategies to outwit increasingly sophisticated cyber-criminals.
“There’s a huge business rationale to share and collaborate,” he said.
“If one bank is fundamentally breached in a way that collapses its trust with its customer base, I could be happy and say they’re all going to come to me, but that’s a false comfort” because “it pollutes the whole sphere of customers because it makes everyone fearful,” he said.
Despite recent high-profile data breaches of Sony, Target and the US Office of Personnel Management, many corporations do not yet consider cybersecurity a top business priority, Accenture found.
Seventy percent of the survey’s respondents said they lacked adequate funding for technology, training or personnel needed to maintain their company’s cybersecurity, while 36% said their management considers cybersecurity “an unnecessary cost.”