Data breaches

Guess who’s leaking as much data as cybercriminals

New research finds one large group in every business is increasingly behind data leaks. What can business leaders do?


New research by Kaspersky finds employees are causing more data leaks. So much so that employee action and cyberattacks are running neck-and-neck.

What’s behind this growth in employee-initiated data leaking? And what can business leaders do to turn employees from cyber risk to cyber asset?

Why are employees causing more data leaks?

More than 3,000 IT security managers in 26 countries contributed views to Kaspersky’s 2022 IT Security Economics report. The research found that in 2022, cyberattacks caused 23 percent of data leaks, while employees caused a close 22 percent.

This growing proportion of leaks linked to employees may follow work-life changes since the pandemic. The report says, “IT security teams are now battling data leakages caused by employees […] following the introduction of new staff laptops or tablets, and Virtual Private Networks (VPNs) to enable remote working.”

And it’s not all innocent mistakes. Most employee-triggered leaks involved ignoring cybersecurity policy, but security managers also reported more than a third (36 percent) were deliberate acts of sabotage or espionage.

How employees cause data leaks

Small, almost mundane actions often lead to data leaks. Usually, the employee is tricked by a ‘social engineering’ tactic or practicing poor cyber ‘hygiene.’ But what does that mean?

Social engineering

Cybercriminals use manipulative tricks known as social engineering to fool employees into giving them access to systems or giving out information they otherwise wouldn’t. A common approach is ‘phishing’ – emails or messages containing links that give cybercriminals access to business systems when clicked on.

Phishing is getting more sophisticated – mimicking, for example, emails announcing sales or discounts from household brands so well they’re hard to tell apart from the real thing.

‘Spear phishing’ is more targeted and personalized. It might, for example, target those in an organization most likely to take the bait, or mimic a target organization’s internal newsletter or email format.

Cybercriminals also engage in social engineering one-on-one. For example, they may phone employees saying they’re from the IT support desk and try to persuade the employee to share their login and password details.

Cyber hygiene

Maintaining good cyber hygiene means following the everyday practices that make it harder for cybercriminals to access systems.

The actions that make up cyber hygiene will hopefully be familiar, for example: having complex passwords, always using a VPN when working remotely and deleting digital information you no longer need.

How to stop employee leaks

Cybersecurity awareness training aims to teach cyber hygiene alongside the broader education employees need to notice and avoid falling for social engineering tricks.

Earlier Kaspersky research in partnership with Longitude, a thought leadership agency within the Financial Times Group, found businesses confident in their cyber skills programs also report better overall cyberattack preparedness.

While cybersecurity experts should upskill regularly, the research highlights the importance of training all staff – beyond the IT department – to create a company-wide cybersecurity culture. One-off training is also not enough: staff need to absorb ideas and practice skills to make new habits.

Heathrow Airport’s innovative employee cyber awareness program aims to change behavior long-term with ‘little and often’ education targeted at those who need it most. Heathrow uses mock phishing emails to identify employees at risk of falling for cybercriminals’ tricks, so they’re not wasting time educating employees whose cyber awareness is already strong.

Heathrow Airport's staff cyber education is targeted and regular

Cybersecurity awareness training should also aim to encourage ‘cyber pride’ – building positive motivation for good cyber behavior rather than stoking fear.

What about preventing employee sabotage?

Comprehensive cybersecurity education may not be enough to prevent the 36 percent of employee-generated data leaks done by disgruntled employees. Examples of how employees have deliberately leaked data abound – from sharing customer data online to handing access keys to cybercriminals.

Regular user access reviews – checking who has access to what and keeping all system access to a minimum – are important, but nothing surpasses the value of maintaining a positive workplace culture.
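As an added example (not code from the article or from Kaspersky), here is a small Python access review that turns the “who has access to what, and is it the minimum” check into something a reviewer can run over an entitlement export. It assumes the export is a list of records with the fields shown and that each role has a baseline of expected entitlements; the users, systems, roles and dates below are all constructed. It flags entitlements outside the role baseline, entitlements that are dormant or never used, and entitlements still assigned to someone who has left.

```python
"""Access review helper: flag entitlements a reviewer should look at.

Added example, not from the article or Kaspersky's own tooling. It assumes
an entitlement export shaped like ENTITLEMENTS and per-role baselines like
ROLE_BASELINE; all values are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed role baselines: the (system, permission) pairs each role is
# expected to hold. Anything outside this set is a candidate for removal.
ROLE_BASELINE = {
    "finance-analyst": {("erp", "read"), ("erp", "export-reports")},
    "support-agent": {("crm", "read"), ("crm", "update-ticket")},
    "sre": {("prod-db", "read"), ("prod-db", "admin"), ("crm", "read")},
}

# Constructed entitlement export. "last_used" is None if never used;
# "left_on" is present only for users who have left the organization.
ENTITLEMENTS = [
    {"user": "alice", "role": "finance-analyst", "system": "erp",
     "permission": "read", "last_used": date(2023, 5, 30)},
    {"user": "alice", "role": "finance-analyst", "system": "crm",
     "permission": "read", "last_used": date(2023, 1, 3)},
    {"user": "bob", "role": "support-agent", "system": "crm",
     "permission": "update-ticket", "last_used": date(2023, 5, 29)},
    {"user": "bob", "role": "support-agent", "system": "prod-db",
     "permission": "admin", "last_used": None},
    {"user": "carol", "role": "sre", "system": "prod-db",
     "permission": "admin", "last_used": date(2023, 5, 31)},
    {"user": "dave", "role": "support-agent", "system": "crm",
     "permission": "read", "last_used": date(2022, 11, 1),
     "left_on": date(2023, 2, 15)},
]


@dataclass(frozen=True)
class Finding:
    user: str
    system: str
    permission: str
    reason: str


def review_access(entitlements, baselines, as_of, dormant_after_days=90):
    """Return a list of Findings for entitlements that need reviewer attention."""
    findings = []
    dormant_cutoff = as_of - timedelta(days=dormant_after_days)
    for e in entitlements:
        key = (e["system"], e["permission"])
        # Leavers: any access still assigned after departure is a revocation.
        if e.get("left_on") is not None and e["left_on"] <= as_of:
            findings.append(Finding(e["user"], *key, "user has left; revoke"))
            continue
        # Least privilege: access the role does not normally need.
        if key not in baselines.get(e["role"], set()):
            findings.append(Finding(e["user"], *key,
                                    f"outside baseline for role {e['role']}"))
        # Dormant access is exposure without benefit; flag it for removal.
        last = e["last_used"]
        if last is None:
            findings.append(Finding(e["user"], *key, "never used"))
        elif last < dormant_cutoff:
            findings.append(Finding(e["user"], *key,
                                    f"dormant since {last.isoformat()}"))
    return findings


def group_by_user(findings):
    """Group findings per user so each line manager gets one list to confirm."""
    by_user = {}
    for f in findings:
        by_user.setdefault(f.user, []).append(f)
    return by_user


if __name__ == "__main__":
    report = group_by_user(review_access(ENTITLEMENTS, ROLE_BASELINE, date(2023, 6, 1)))
    for user, items in report.items():
        print(f"{user}:")
        for f in items:
            print(f"  {f.system}/{f.permission}: {f.reason}")
```

The review date and dormancy window are parameters so the same script can be re-run each quarter; in practice the export would come from an identity provider or the systems themselves rather than an inline list.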

You must identify and act on employee ill-feeling before it gets so bad that someone goes on the attack.

Leaders need ways to ‘temperature check’ their organization beyond relying on the Personnel department or peers in senior leadership to thoroughly report concerns. Affected departments have a ‘dog in the fight,’ so to speak, and may not share everything they should. Ways to temperature-check include 360-degree feedback mechanisms – where all staff give anonymous feedback about their manager.

Writing in Forbes, founder of Rungway workplace advice platform, Julie Chakraverty, says, “To… uncover hidden attitudes and views, you need to ask your employees how they feel. Lead by example by being fully open and transparent… [and] empower your employees to share their opinions and give honest feedback.”

The change in how data leaks happen, with more employees triggering them, should give every business pause for thought. Bringing leadership focus back to workplace culture and employee wellbeing has always paid dividends across the business, but we now understand its crucial importance in keeping data safe.

Regular, targeted cybersecurity education, strong cyber hygiene and understanding how everyone in your organization is feeling should be central to your data protection strategy.

Kaspersky IT Security Economics report 2022

Find out what’s going on in IT security around the world from IT decision makers in 26 countries.

About authors

Alexey is an expert in data and information security. Since 2021 he has been the Head of Information Security at Kaspersky.