Sharp Increase in Data Loss Due to Insider Threats


A new Ponemon Institute survey has found that 76% of IT practitioners in the U.S. and Europe say their organizations have suffered the loss or theft of important data over the past two years. This is a significant increase from the 67% reporting data loss or theft in the same survey two years ago.

Here are the other key findings of the survey of 3,027 employees and IT practitioners in the U.S. and Europe, conducted in April and May, 2016, and sponsored by Varonis Systems:


58% of IT practitioners see outside attackers who compromise insider credentials as the #1 threat, followed by 55% who point to insiders who are negligent, and 44% worrying about malware.

62% of end users say they have access to company data they probably shouldn’t see, with 47% saying such access happens very frequently or frequently. The overall figure (62%) is down from 71% reporting too much access to confidential data in 2014.

Only 29% of IT practitioners report that their organizations enforce a strict least-privilege model to ensure insiders have access to company data on a need-to-know basis.


88% of end users say their jobs require them to access and use proprietary information such as customer data, contact lists, employee records, financial reports, confidential business documents, or other sensitive information assets. This is significantly higher than the 76% recorded in the 2014 survey.

43% of respondents say they retain and store document or files they created or worked on forever (up from 40% in 2014). Another 25 percent of respondents say they keep documents or files one year or longer.

Only 25% of the organizations surveyed monitor all employee and third-party email and file activity, while 38% do not monitor any file and email activity.

78% of IT practitioners are very concerned about ransomware. 15% of organizations have experienced ransomware and barely half of those detected the attack in the first 24 hours.

35% of the organizations surveyed have no searchable records of file system activity, leaving them unable to determine, among other things, which files have been encrypted by ransomware.

The Ponemon Institute concludes:

The continuing increase in data loss and theft is due in large part to two troubling factors:

  • Compromises in insider accounts that are exacerbated by far wider employee and third-party access to sensitive information than is necessary
  • The continued failure to monitor access and activity around email and file systems – where most confidential and sensitive data moves and lives.

Originally published on