‘Malicious insider’ fraud soars: KPMG survey

A FIFTH of data losses reported globally in the private and public sectors come from “malicious attacks” inside an organisation, according to a new survey that highlights the growing threat of employee fraud.

The KPMG survey – based on reports of lost and stolen data worldwide –  found that 20% of data loss incidents this year were caused by people within an organization, up sharply from 4% in 2007.

Since 2007, 23 million people globally, have been affected by data breaches involving the threat of a malicious insider, according to KPMG.

The survey’s findings come a day after the UK’s Information Commissioner’s Office announced its first fines of organisations for breaches of the Data Protection Act.

Malcolm Marshall, head of the information security practice at KPMG in the UK said: “The recession may have played its part in driving up the increase in malicious insider data loss incidences, as data becomes an increasingly valuable commodity. But the alternative is that as organisations get wiser to the tactics of hackers, then criminals may be tempting staff to pass on valuable information – hence the massive growth in the insider threat.”

In addition to rapid growth in malicious insider incidents, the survey also found that hacking remains the biggest threat of data loss, with almost a quarter of a billion people affected by it since 2007.

The KPMG research is based on publicly disclosed data loss incidents that were documented among many others by the Open Security Foundation, the Identity Theft Centre and the Information Commissioners Office.



Related reading