The State of Data Loss Prevention 2020: What You Need to Know

  • 28 May 2020

Today, Tessian released The State of Data Loss Prevention 2020, a comprehensive report that explores new and perennial challenges around data loss prevention.

  • What is data loss prevention (DLP)?

    DLP is a strategy to manage the risk of losing data from an organization. Generally speaking, rather than proactively defending against incoming cyberattacks, DLP software minimizes the risk of data leaving the organization.

Our findings reveal that data loss on email is a bigger problem than most realize, that remote-working brings new challenges around DLP, and that the solutions currently deemed most effective may actually be the least.

Why does this report matter?

IT, security, and compliance readers have a lot to gain by reading this report. To really understand why, we have to look at the current landscape.

Insider threats are a growing problem

  1. While email threats from external bad actors (like spear phishing and business email compromise) dominate headlines, email threats from insiders are steadily rising. In fact, there’s been a 47% increase in incidents over the last two years. This includes accidental data loss and deliberate data exfiltration.
  2. According to Verizon’s 2020 Data Breach Investigations Report, “It is a bit disturbing when you realize that your employees’ mistakes account for roughly the same number of breaches as external parties who are actively attacking you.”
  3. The DLP market is booming and is on track for significant growth. Why? Because it’s one of the top spending priorities for IT leaders with 21% planning to acquire DLP tools within the next year. 

Remote-working makes DLP even more challenging

  1. Over the last eight weeks, workforces around the world have transitioned from office-to-home. That means the perimeter has disappeared and past strategies have become obsolete.
  2. COVID-19 has been deemed a “field day for Insider Threats”. There are more opportunities than ever for employees to exploit privileged access to data, working from home can reduce the vigilance of employees handling confidential data, and there’s been a marked increase in COVID-19 phishing attacks.
  3. While some organizations will encourage their employees to migrate back to offices, many (including Facebook) have already opted to maintain remote-working set-ups. 

Interested in learning more about the methods and motives of Insider Threats? Read our blog: What is an Insider Threat? Insider Threat Definitions, Examples, and Solutions.

The implications of a data breach are far-reaching 

  1. The consequences of a data breach aren’t limited to lost data and revenue loss. Organizations also experience a 2-7% churn rate after a breach.
  2. Data privacy regulations add insult to injury. In the first quarter of 2020 alone, GDPR fines totaled nearly €50 million.

But, we had to look beyond third-party research and conduct our own. 

What will I learn?

We analyzed Tessian platform data and commissioned OnePoll to survey 2,000 professionals (1,000 in the US and 1,000 in the UK) and 250 Information Technology (IT) leaders. We also interviewed IT, security, and compliance leaders about their own experiences with DLP.

Here’s what we found out:

  • Data loss incidents are happening as much as 38x more often than IT leaders currently estimate.
  • 800 misdirected emails are sent every year in organizations with 1,000 employees.
  • 27,500 emails containing company data are sent to personal accounts every year in organizations with 1,000 employees.
  • 84% of IT leaders say DLP is more challenging when their workforce is working remotely.
  • While 91% of IT leaders say they trust their employees to follow security policies while working from home, almost half (48%) of employees say they’re less likely to follow safe data practices when working from home.
  • Email is the threat vector IT leaders are most concerned about.
  • 54% of employees say they’ll find a workaround if security software or policies prevent them from doing their job and 51% say security tools and software impede their productivity. 
  • While IT leaders believe security awareness training is the most effective way to prevent data loss, machine learning is the better option. 
  • Dozens more insights in the full report, including segmented data around industry, company size, age, and region. 

How can I access The State of Data Loss Prevention 2020?

IT leaders must have visibility over how their employees are handling and mishandling data on email in order to implement effective DLP strategies.

Our report shines a light on the problems and best solutions. 

You can access the full report via our microsite. And, if you’re interested in learning more, save your spot at Tessian Human Layer Security Summit on June 18.