Data breaches cost American financial organizations $5.9 million per breach on average. Meanwhile, sensitive information is routinely misplaced or left where others can find it.
A report released Monday by Shred-it, an information security service, found that 68% of businesses reported at least one data breach in the past 12 months. Three in four involved loss or theft of paper documents or electronic devices containing sensitive information.
The report revealed a discrepancy in priority between cybersecurity and physical security, and the mistakes employees and managers make that may be contributing to a rise in data breaches.
It said common workplace occurrences may be at the root of the problem as 65% of managers expressed concern that their employees or contractors had printed and left behind a document that could lead to a data breach.
Those fears were not overblown. Seven in 10 managers said they had seen or picked up confidential documents left in a printer, and more than three in four managers admitted that they had inadvertently sent an email containing sensitive information to the wrong person.
And 88% reported having received an email containing sensitive information they were not intended to receive from someone within or outside of their organization.
“The report reveals two key factors about information security in North American businesses — employee negligence, intentional or not, can be a leading contributor to data breaches and that businesses should equally consider the needs for cybersecurity and physical information security within their organization,” Ann Nickolas, senior vice president at Stericycle, the provider of Shred-it information security solutions, said in a statement.
“Although cybersecurity is no doubt an important element of protection, businesses should look to strike a balance between investing in physical security and cybersecurity, as well as integrating better communication with employees on risk factors, to best arm themselves against potential breaches.”
The Ponemon Institute conducted an online study in August involving 650 managers in IT security and non-IT positions in a variety of North American business sectors who were knowledgeable about their organization’s strategy for the protection of confidential and sensitive information.