Press Release

More Than 90 Percent Of Employees Violate Policies Designed To Prevent Data Breaches
Employee Behavior Accounts for the Majority of Breaches; Companies Need to Reduce Compliance Effort to Manage Risks and Minimize Costs, According to CEB

ARLINGTON, Va., Nov. 1, 2016 /PRNewswire/ -- Companies are increasing technology investments to protect against external data breaches, but employees pose a bigger threat than hackers, according to CEB (NYSE: CEB), a best practice insight and technology company. To mitigate the rising costs of breaches, organizations need to reduce the burden of complying with privacy policies.

Due to the advent of cloud-based productivity tools and the increase in collaboration between employees, more data is changing hands and leaving company-controlled networks than ever before. In fact, almost two-thirds of employees report regularly using personal technologies for work, primarily for the sake of convenience. For example, an employee might send a file from a company computer to a personal email account in order to work while out of the office.

In choosing convenience and productivity over security, employees put sensitive data at risk – and the costs are significant. The average Fortune 1000 company already spends more than $400,000 notifying customers and employees of privacy failures each year, and that's only for the failures that are reported. Forty-five percent of internal privacy failures are caused by intentional but non-malicious employee actions.

"While spending on information security has dramatically increased over the last decade, companies are overlooking a bigger cause of breaches – employee behavior," said Brian Lee, Data Privacy practice leader, CEB. "Investing in technology to improve security is essential, however organizations also need to ensure that employees are doing their part to protect sensitive information."

"Employees will often work around controls – especially ones they feel are onerous – as a way to make their job easier," said Lee. "This 'rationalized noncompliance' can not only increase privacy risks, but even jeopardize corporate strategy and ultimately growth. Establishing a more balanced approach to information governance – one that complements technological controls with prudent and relevant privacy policies that employees can easily follow – will allow companies to effectively use the information they collect and protect against a damaging data breach."

Guidance for Leaders

To manage employee behaviors that jeopardize data privacy and mitigate associated costs, organizations must do two key things:

  • Avoid collecting unnecessary data – The simplest way to protect sensitive data is not to have it in the first place. But companies, drawn by big data's tantalizing promises, often collect too much information or, worse, keep data long after its usefulness has passed. There's a difference between big data and "lots of data," and organizations need to constantly evaluate how they use data and set guidelines on what they collect and store.
  • Build privacy into business workflows to make it easier for employees to comply with requirements – The biggest reason why employees choose not to follow required procedures is the level of burden they perceive. To lower that burden, leaders should start by prioritizing processes that handle the most data and data that is most sensitive. Leaders should also identify and address stress points in the employee lifecycle where noncompliance is most likely, such as gaps in leadership or changes in workload, and intervene with information, direction and support for employees before or during these times.

For more information on managing the hidden causes of data breaches, visit CEB.

About CEB

CEB is a best practice insight and technology company. In partnership with leading organizations around the globe, we develop innovative solutions to drive corporate performance. CEB equips leaders at more than 10,000 companies with the intelligence to effectively manage talent, customers, and operations. CEB is a trusted partner to nearly 90% of the Fortune 500 and FTSE 100, and more than 70% of the Dow Jones Asian Titans. More at


Donavan Thomas, +1 (571) 303-4715