The recent report from the Ponemon Institute, sponsored by security company Trend Micro, found the cause of many data breaches was a combination of employee error and misconduct.

The report called ‘The Human Factor in Data Protection,’ revealed that more than 78 percent of respondents site intentional and accidental staff errors for at least one data breach in the past two years. And a separate analysis of companies of fewer than 100 employees found that small to medium businesses are at greater risk of their employees mishandling data than large enterprises. The rate of data breaches at SMBs was 81 percent, compared to 78 percent across the board.

This is because the report identified SMB employees were reported to be more likely to engage in ‘risky’ behavior; over half (58 percent) have or will open attachments or website links in spam, compared to 39 percent from large enterprises.

More than three quarters (77 percent) will or have left their computer unattended, compared with 62 percent at enterprises. A further 55 percent of SME employees were likely to visit off-limit websites, 11 percent more at enterprises.

 The three base causes of security breaches are laptop loss or mobile data device (35 percent), third party mishaps (32 percent), and system errors (29 percent).  Nearly 70 percent of respondents felt strongly that their organization’s security measures are not sufficient to stop a targeted attack or hacker.

Once again the Ponemon Institute has presented a crucial piece of work for the small and med size businesses to take note of.  Given the choice of attacking a large enterprise network with a dedicated security team watching it or hitting a smaller less patrolled network which would you pick?  Run the risk of quick detection or smaller safer reward with smaller chance of discovery?