Renee LaLonde, regional vice-president at CA Canada, called the findings alarming; despite the fact that many high-profile data breaches have made headlines over the last several years. The most surprising finding, she said, was that one-third of survey respondents cited internal security breaches as the biggest threat – compared with less than five per cent in 2003. “Threats and security breaches are evolving and it’s to the point where internal breaches constitute the biggest concern,” LaLonde said. “For the most part, enterprises have the right tools for virus attacks, network attacks, and keylogging, but the internal breaches need to be tackled.”

James Quin, senior security analyst at London, Ont.-based Info-Tech Research Group, said he was unsurprised at the survey findings and attributed the results to the increasing sophistication of the cyber criminal community. He also said that, unlike several years ago, companies have begun classifying internal security lapses as a data breach in itself.

“Virus and malware are tailing off in severity, whereas the more targeted attacks are increasing in severity,” he said. “As for internal security breaches, it’s important to note that it isn’t always a malicious action and in most cases is a result of human error. Previously, organizations would only look at classifying breaches as a result of a malicious attack, but now they are beginning to realize that when Bob from accounting loses a disk drive, it’s a data breach that needs to be reported.”

Privacy commissioner probes cloud computing