The legal sector is a prime target for cybercriminals, and the vast majority of IT leaders in the industry consider insider threats a significant concern. 77% think employees are directly responsible for exposing valuable data by mistake.
While other industries seem to be a lot more exposed when it comes to data breaches, the legal sector has unique caveats. IT pros say accidental data breaches appear to be accidental – not so much the result of cyber-attacks.
Egress Global Insider Data Breach survey covered 106 IT leaders and 1,001 employees in legal sector companies, from UK, US and Benelux regions.
In a survey, 96% of IT leaders in the legal sector think their business face insider breach risks, which are difficult to quantify, let alone prevent. Furthermore, 77% say employees have already leaked data in the past 12 months, and among those, 78% of the people involved in insider breaches did so intentionally.
“Responses from legal sector employees shows they are twice as likely as those from other sectors to admit both intentionally and accidentally breaking company policy when sharing data,” states the survey. “57% said they had intentionally broken company policy compared with 29% average across all sectors, and 56% said they had done so accidentally, compared with 27% on average.”
Unfortunately, the reason for breaches in the legal sector seem to rest with the reliance on conventional methods, which are no longer sufficient. Only half of the companies are using a dedicated security solution, and only 43% of the have some form of email encryption. Also, 61% of the IT leaders say that insider data breaches are typically revealed only when employees notify them.
Data breaches also happen by mistake. 55% of legal sector employees that leaked data did so after being tricked by a phishing email and 31% sent the information to the wrong person. Another problem is that some employees have misconceptions about who actually owns the data. And while more than half of those who shared data knew full well it was against company policy, 58% of them took the data with them to their new job.