Data leaks emerge as worst security threat

Data leaks are catching up with viruses as the worst IT headache for companies in the US, UK, Germany and Japan, new research claimed today.

A Trend Micro poll of 1,600 corporate end users revealed the loss of proprietary company data and information as the second most serious threat at work after viruses.

While six per cent of end users admitted to having leaked company information, 16 per cent believe that other employees caused data leaks.

End users in the US, UK and Germany are more likely to admit to leaking company data, either intentionally or accidentally, than end users in Japan.

Respondents in the US perceive themselves as slightly savvier when it comes to confidentiality.

Some 74 per cent of US respondents said that they know what type of company data is confidential and proprietary, compared to 67 per cent in the UK, 68 per cent in Germany and only 40 per cent in Japan.

On the other hand, end users at large companies in Japan are more aware of what type of company data is confidential compared to end users at smaller organisations.

Mobile users are also more confident. In the US, for example, 79 per cent of mobile end users said that they know what is classified information, compared to 69 per cent of desktop computer users.

The study also found that 46 per cent of companies do not currently have a policy to prevent data leaks.

Companies in Germany and Japan are more likely than their UK counterparts to implement data leak prevention policies.

In all countries surveyed, large organisations are more likely to have preventative policies in place than small companies.

Among end users whose company currently has a policy to prevent data leakage, 70 per cent of US end users have received training compared to 57 per cent in the UK.

In all countries surveyed, installation and use of security software are the most common actions taken to combat data leakage.

"The survey highlights some key challenges, including user education, inadequate security policies and the broad brush access rights typical in many enterprises today," said Rik Ferguson, solutions architect at Trend Micro.

"All too often employees simply do not know which information is confidential, within the remit of public domain or of restricted distribution.

"Even if the regulations were clear, employees are often unaware of the corporate policy around such information."

Ferguson added that the majority of data leaks happen from within, either by accident or design, by valid users who have access to the data within a corporate network.

"This can trigger fines, litigation, brand damage and bad press, so it is no surprise that data leaks are becoming such an important issue for companies."