Research by data loss prevention company Clearswift, which gathered views from over 500 data security specialists in the UK, US, Germany and Australia, suggested there was much concern about the finance and HR departments having access to sensitive data.
Some 79 per cent of respondents said men were more of a worry than women
These concerns, the company said, related to the potential for mistakes by employees in the two departments – such as sending salaries or customer details to the wrong people, or inadvertently installing malware. The latter was suspected to be the case behind eBay's 2014 cyber hack, which exposed millions of customer passwords.
The online retail giant said the hackers were able to compromise a small number of employee logins, which then allowed them to gain access to user passwords and information. Similarly, Target, which was the victim of one of the largest attacks in 2014, admitted it ignored malware software warnings before customer information was stolen.
However, Clearswift's results suggested that mid-career professionals were a high risk when it came to such situations. Some 37 per cent of respondents said middle management represented the biggest threat, compared with 19 per cent for senior management and 12 per cent for executives.
But while perceived risk was lower for older employees, 28 per cent said those aged 35-44 were most likely to be behind malicious data theft.
Read more about data hacks and cyber security:
- Ashley Madison hack could be hugely lucrative, but that's not the only thing to fear
- Effective data security: The time to act is now
- Joint venture forged to incubate small cyber firms securing Internet of Things and big data
Heath Davies, CEO of Clearswift, claimed that senior managers were generally in tune with the consequences of data loss, whilst junior people often didn’t have access to the kind of data that could cause disasters.
“Middle-aged, middle managers are in between – having access to the data, but no obvious stake in the consequences of losing it," he said. "They are also more likely to be under time and financial pressure, and so may be more inclined to take risks. This makes them more likely to make mistakes or even succumb to foul play.”
Some 79 per cent said men were more of a worry than women. Davies suggested that women were perceived as more cautious, however, it could also imply that men were perceived to be more likely to be involved with handling sensitive data.
Data breaches are most likely to come from inside the business. Davies explained: "Despite all the security worries about people working out of the office on whatever devices they want, those in the office actually have easier access to sensitive data, so are more likely to lose it.”
Of the 88 per cent of companies that had experienced a security incident in the last 12 months, 73 per cent admitted that it was due to employees, past employees or customers/suppliers.
Davies concluded: "We're not proposing targeting individuals, but if you can understand the combination of factors that make certain people in certain roles more of a risk, you can focus your resources on ensuring those breaches don't happen. For example, you could provide tailored security training or put in more sophisticated layers of security around particular segments of the business.
“Cyber security has a constantly changing field of play, balancing security with the freedom to collaborate. We live in a complex, changing world and threats will be different in different parts of the organisation. By pairing detailed knowledge and understanding with adaptive security technology, you can create a win-win security game-plan to help you combat insider threats: locking down your sensitive data while keeping business moving.”