Causes of data loss in German companies

15 April 2024
| No comments
Causes of data loss in German companies

Share post

Data loss is a problem that occurs in the interaction between humans and machines: “careless users” are much more likely to be the cause of such incidents than compromised or misconfigured systems.

This is the finding of the first Data Loss Landscape Report from Proofpoint, a leading cybersecurity and compliance company. With the study, Proofpoint examines how current approaches to data loss prevention (DLP) and insider threats address current macro challenges such as data growth, sophisticated cybercrime groups and generative artificial intelligence (GenAI).

The report shows that companies' investments in DLP solutions are often inadequate. 82 percent of the companies surveyed in Germany struggled with data loss last year. More than nine out of ten (95 percent) of the companies affected were confronted with negative consequences such as business interruptions and loss of sales (60 percent of the companies affected) or violations of the law/fines (40 percent).

“This study illuminates the most critical aspect of data loss: the human causes,” commented Ryan Kalember, Chief Strategy Officer at Proofpoint. “Careless, compromised and malicious users are and remain responsible for the vast majority of incidents. In particular, more and more employees are using GenAI applications for everyday tasks and also entering sensitive data into these publicly available tools. Organizations must rethink their DLP strategies to address the root cause of data loss - the actions of people - in order to detect, analyze and respond to threats across all channels used by their employees. This applies to cloud applications and devices as well as to email and the web.”

Data Loss Landscape 2024

The Data Loss Landscape 2024 report is based on responses from 600 security professionals at companies with 1.000 or more employees across 17 industries and 12 countries. The information obtained was supplemented with data from the Information Protection Platform of Proofpoint and Tessian, which Proofpoint acquired last fall. This determined the extent of data loss and insider threats that companies are exposed to. The most important results of the study for Germany at a glance:

  • Data loss is a common but avoidable problem: On average, companies experienced more than one incident per month (an average of 15 data losses per German company last year), with 78 percent of respondents citing careless users as the main cause. These careless actions include forwarding emails, visiting phishing sites, installing unauthorized software, and emailing sensitive information to a private account. All of these are avoidable behaviors that can be reduced by establishing appropriate practices. This includes data loss prevention rules for email, web uploads, cloud file sync, and other common data exfiltration methods.
  • Incorrectly addressed emails are one of the simplest and most common causes of data loss: According to 2023 data from Tessian, about a third of employees sent one or two emails to the wrong recipient. This means that a company with 5.000 employees can expect around 3.400 misdirected emails per year. A misdirected email containing employee, customer or patient data can result in significant fines under the General Data Protection Regulation (GDPR) and other regulatory requirements.
  • Generative AI is the fastest growing problem when it comes to data loss: Tools like ChatGPT, Grammarly, Bing Chat, and Google Gemini are becoming more powerful and useful, and more and more users are entering sensitive data into these applications. That's why "Searching AI websites" is one of the five most important controls that Proofpoint Information Protection Platform users set to be alerted to potential data loss.
  • The consequences of malicious actions can be costly: 15 percent of respondents said that malicious insiders – such as employees or contractors – were behind data loss. Malicious actions and employees who seek to harm the company can have even more serious consequences than careless insiders because these individuals are motivated by personal gain.
  • Retiring employees have been identified as one of the highest-risk user groups (32%): departing employees are not always aware that they are acting maliciously - some simply feel entitled to take the data they created with them. Proofpoint data shows that 87 percent of anomalous file exfiltrations on cloud accounts over a nine-month period were carried out by departing employees. This highlights the need for preventive strategies such as implementing a security vetting process for relevant users.
  • Privileged users are the biggest risk: More than half (57%) of German respondents said employees with access to sensitive data, such as human resources and finance managers, pose the greatest risk of data loss. Additionally, Proofpoint data shows that 1 percent of users are responsible for 88 percent of data loss. These results show that organizations need to establish best practices such as data classification to identify and protect business-critical data. Priority should also be given to monitoring people with access to sensitive data or administrative rights.
  • Motivation for DLP programs: Many DLP programs in Germany were originally introduced in response to legal requirements. Nearly a third (32%) of respondents cite regulatory compliance as their primary reason. Protecting the privacy of employees and customers was the top reason for companies in Germany (50%), followed by minimizing the costs associated with data loss (44%).

“The use of new communication channels and tools requires DLP programs to be checked regularly because user behavior changes due to such rapid developments,” says Kalember. “Implementing purpose-built DLP platforms can help optimize security programs by enabling security teams to obtain complete user and data visibility into all incidents and address the full spectrum of data loss scenarios that people cause. People are a critical variable for data security – and DLP programs must take this into account.”

More at Proofpoint.com

 

About Proofpoint

Proofpoint, Inc. is a leading cybersecurity company. The focus for Proofpoint is the protection of employees. Because these mean the greatest capital for a company, but also the greatest risk. With an integrated suite of cloud-based cybersecurity solutions, Proofpoint helps organizations around the world stop targeted threats, protect their data, and educate enterprise IT users about the risks of cyberattacks.

 

Matching articles on the topic

Causes of data loss in German companies

Data loss is a problem that occurs in the interaction between humans and machines: “careless users” are much more likely to be the ones ➡ Read more

Cyberattacks via API

In the first month of 2024, the frequency of API attacks has increased, affecting an average of 1 in 4,6 companies per ➡ Read more

Why cybercriminals specifically target backups

There are two main ways to recover encrypted data after a ransomware attack: restoring from backups and paying the ➡ Read more

Report: More Email Server Attacks and Evasive Malware

WatchGuard Internet Security Report documents a dramatic increase in so-called “evasive malware,” contributing to a significant increase in overall malware volume. ➡ Read more

Tape storage as a valuable backup and cyber protection strategy

When it comes to their backup recovery solution, many companies mainly pay attention to storage technologies that ensure high speed data recovery to improve the business ➡ Read more

Ransomware: Cybercrime groups increase ransom demands

As a new report shows, cybercriminals continue to rely on business email compromise in addition to ransomware and use long-known, ➡ Read more

Cyber ​​security insurance or better data protection?

The volume of data in organizations is constantly growing and many companies are grappling with the question of how to manage this amount of data ➡ Read more

Apple malware on the rise

In its annual Security 360 report for 2023, Jamf shows that malware threats for ➡ Read more

 

Stories
, , , ,