Negligent employees are the leading cause of data loss for Italian companies. The first report confirms this Data Loss Landscape Of Proofpoint. It analyzes how current approaches to data loss prevention (DLP) and insider threats are addressing today’s macro challenges such as data proliferation, sophisticated threat actors, and generative artificial intelligence (GenAI). THE results show how data loss is a problem resulting from the interaction between humans and machines.
Proofpoint’s Data Loss Landscape
The “inattentive users” are much more likely to cause these incidents than compromised or misconfigured systems. While companies are turning to DLP solutions, Proofpoint’s report shows that these investments are often inadequate. With 88% of Italian companies interviewed having suffered data loss in the last year. More than nine in ten (95%) of those affected have suffered negative effects, such as business interruption and loss of revenue (67%) or reputational damage (28%).
The results of the investigation
Ryan Kalember, Chief Strategy Officer di Proofpoint
This research highlights the most critical aspect of the data loss problem: the human causes. Careless, compromised and malicious users are, and will continue to be, responsible for the vast majority of incidents. While GenAI tools perform common tasks and, in the process, gain access to sensitive data. Companies need to rethink their DLP strategies to address the root cause of data loss: human behavior. So you can detect, analyze and respond to threats across all channels your employees use, including cloud, endpoint, email and web.
The main Italian results
Data loss It is a widespread problem, but one that can be prevented. Italian companies have recorded the equivalent of one accident per month (an average of 12 accidents per company in the last year). The 49% of those interviewed declared that the main cause is attributable to careless users. Carelessness includes sending emails incorrectly, visiting phishing sites, installing unauthorized software, and sending sensitive data to a personal account. These are all behaviors that can be prevented and mitigated.
Sending incorrect emails it is one of the simplest and most significant causes of information loss. According to 2023 data from Tessian, about a third of employees sent one or two emails to wrong recipient. This means that a company of 5,000 employees can expect to deal with around 3,400 bad emails per year. One erroneous email containing employee, customer or patient data can potentially trigger a significant fine under GDPR and other regulations.
Proofpoint’s Data Loss Landscape, beware of negligent employees
Generative AI is the most current concern. Tools like ChatGPT, Grammarly, Bing Chat, and Google Gemini are increasing in power and usefulness. So much so that an ever-increasing number of users are entering sensitive data into these applications. “Gen AI site browsing” has become one of the top five DLP and insider threat alert rules configured by organizations using Proofpoint’s Information Protection platform.
The consequences of malicious actions can be costly. 12% of respondents said malicious insiders, such as employees or vendors, are behind data loss incidents. Dangerous actions carried out by employees who are leaving the company, trying to harm it, can have even greater implications than those caused by negligent insiders. Because they are motivated by personal returns.
Outgoing employees are one of the riskiest types of users (25%). NoThey don’t always think they are acting maliciously. Some simply feel entitled to walk away with the information they have produced. Proofpoint data shows that 87% of anomalous file exfiltrations across cloud tenants, over a nine-month period, were caused by resigning employees. Emphasizing the need for preventative strategies such as implementing a security review process for this category of users.
Privileged users are the most risky. Nearly three-quarters (74%) of Italian respondents identified employees with access to sensitive data as the greatest risk of data loss. Additionally, information from Proofpoint shows that 1% of users are responsible for 88% of data loss events. These findings indicate how companies must prioritize best practices. Such as using data classification to identify and protect business-critical data and “crown jewels.” As well as monitoring people who have access to sensitive data or admin privileges.
Proofpoint’s Data Loss Landscape, the situation in Italy
Companies’ data loss prevention programs are improving. In Italy they are initially implemented in response to legal regulations. With more than a third of respondents (38%) citing meeting regulatory compliance standards as their primary motivation. There protection of employee and customer privacy stood at 42%. While reducing costs associated with data loss to 40%.