Why security pros fear finance department middle managers

Aged 35-44 and work in finance? You're the most likely person to leak company data, according to top-level management

Security professionals live in fear or finance middle managers leaking data - but those concerns may not be realistic. 

A poll of IT security pros revealed middle managers aged 35-44 who work in finance or HR departments are seen as the most likely culprits to leak company data - especially risky given the sensitive information they hold. 

"The concern over HR and finance is, at least in part, due to the sensitivity of the data that could be leaked and the consequences of that, and not necessarily that these departments are more careless than others,"  according to Guy Bunker, Clearswift's SVP of products.

The survey of 5,000 individuals in four countries showed 48 per cent believed the finance department posed a security threat to the business, with HR coming second place with 42 per cent. The poll, carried out by tech research firm Loudhouse on behalf of Clearswift, spoke to both decision makers and line-of-business employees.

Advertisement - Article continues below
Advertisement - Article continues below

Additionally, most respondents believed middle-managers posed the greatest overall threat (37 per cent), compared to senior management (19 per cent) and administrative staff (12 per cent). What's more, those in the 35-44 age range were thought to be the most likely to leak data maliciously.

While there has been an increase in the number of insider attacks, many of the respondents' worries are a question of perception, not necessarily reality, Bunker told IT Pro.

However, he noted that companies only declare actual breaches to the Information Commissioner's Office (ICO), so IT staff might be basing their opinions on what happens behind the scenes, such as near misses and internal leaks. 

New EU data protection rules, which are expected to be finalised by the end of this year, could make executives and board members "sit up and take notice" of security matters - particularly in the cases of large, global corporations, as the fines issued for data breaches will now be as a proportion of global turnover, and reporting will be mandatory.

"I do think that companies will start to put increased security processes and systems in place, to make sure that those near misses don't become incidents," Bunker said.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now



Are you taking enough accountability on cyber security?

18 Dec 2019

How can you protect your business from crypto-ransomware?

4 Nov 2019

How to enhance your backup strategy

10 Oct 2019
data recovery

Data recovery: Why is it so important?

9 Oct 2019

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020