Careless Employees are UAE Organizations’ Biggest Data Loss Problem: Proofpoint Report

As much as 94% of UAE organizations experienced data loss in the past year; 94% of those saw negative outcomes, including business disruption and revenue loss as well as regulatory fines.

Emile Abou Saleh, Senior Regional Director at Proofpoint Middle East, Turkey & Africa

Proofpoint, Inc., a leading cybersecurity and compliance company, has released its inaugural Data Loss Landscape report, which explores how current approaches to data loss prevention (DLP) and insider threats are holding up against current macro challenges such as data proliferation, sophisticated threat actors, and generative artificial intelligence (GenAI). The findings reveal that data loss is a problem stemming from the interaction between humans and machines — “careless users” are much more likely to cause those incidents than compromised or misconfigured systems.

While organizations are investing in DLP solutions, Proofpoint’s report shows that those investments are often inadequate. 94% of surveyed organizations in the UAE experienced data loss in the past year. Almost all (94%) of those affected faced a negative outcome, such as business disruption and revenue loss (reported by 55% of affected UAE organizations) or regulatory violation/fine (47%).

Emile Abou Saleh, Senior Regional Director at Proofpoint Middle East, Turkey & Africa, said: “Data loss poses a severe threat, where a simple oversight can lead to the loss of critical data. It is, therefore, crucial for employees to understand the role they play in data protection and that it is not just an IT problem. As work models evolve, organizational strategies for securing data across all platforms must also adapt. By enhancing data loss prevention policies and insider risk strategies across the board—from endpoints and cloud apps to email and the web— organizations will be able to bolster their defenses against the modern security landscape, ensuring a secure digital future for everyone involved.”

“This research illuminates the most critical aspect of the data loss problem: its human causes,” said Ryan Kalember, chief strategy officer of Proofpoint. “Careless, compromised, and malicious users are and will continue to be responsible for the vast majority of incidents, all while GenAI tools are absorbing common tasks—and gaining access to confidential data in the process. Organizations need to rethink their DLP strategies to address the underlying cause of data loss—people’s actions—so they can detect, investigate, and respond to threats across all channels their employees are using including cloud, endpoint, email, and web.”

The 2024 Data Loss Landscape report examines third-party survey responses from 600 security professionals at organizations with 1,000 or more employees across 17 industries from 12 countries. These insights were supplemented with data from Proofpoint’s Information Protection platform and Tessian, which Proofpoint acquired last fall, to convey the scale of the data loss and insider threats that organizations face.

Key global findings include:

Data loss is a widespread yet preventable problem: organizations experienced the equivalent of two incidents per month (a mean of 24 data loss incidents per UAE organization in the past year), and 75% of respondents said the main cause was careless users. Carelessness includes misdirecting emails, visiting phishing sites, installing unauthorized software, and emailing sensitive data to a personal account. These all-preventable behaviors that could be mitigated with practices such as implementing data loss prevention policy rules for email, web uploads, cloud file synching, and other common data exfiltration methods.
Misdirected email is one of the simplest and most significant sources of data loss: According to 2023 data from Tessian, about one-third of employees sent one or two emails to the wrong recipient. That means a business of 5,000 employees can expect to deal with around 3,400 misdirected emails per year. A misdirected email containing employee, customer or patient data can potentially trigger a significant fine under GDPR and other legal frameworks.
Generative AI is the fastest growing area of concern: tools such as ChatGPT, Grammarly, Bing Chat and Google Gemini are increasing in power and utility, and more users are inputting sensitive data into these applications. “Browsing gen AI sites” has become one of the top five DLP and insider threat alert rules configured by organizations using Proofpoint’s Information Protection platform.
Consequences of malicious actions can be costly: 19% of respondents said malicious insiders such as employees or contractors were behind data loss incidents. Malicious actions and departing employees who seek to harm the organization can have even greater implications than careless insiders because these individuals are motivated by personal gains.
Departing employees were identified as one of the riskiest users (22%): departing employees do not always think they are acting maliciously—some simply feel entitled to leave with information they have produced. Proofpoint data shows that 87% of anomalous file exfiltration among cloud tenants over a nine-month period was caused by departing employees, underscoring the need for preventative strategies such as implementing a security review process for this user category.
Privileged users are the riskiest: Almost three-quarters (72%) of UAE respondents identified employees with access to sensitive data, such as HR and finance professionals, as representing the greatest risk of data loss. Additionally, Proofpoint data shows that 1% of users are responsible for 88% of data loss events. These findings indicate that organizations must prioritize best practices such as using data classification to identify and protect business-critical data and the “crown jewels,” as well as monitoring people with access to sensitive data or admin privileges.
Organizations’ data loss prevention programs are maturing: Many DLP programs in the UAE are initially implemented in response to legal regulations, with more than one-third (36%) of survey participants citing meeting regulatory compliance standards as the primary driver. Protecting the privacy of employees and customers and minimizing costs associated with data loss came in as the top drivers for UAE organizations (both at 50%).

“Emerging channels underscore the importance of regularly reviewing DLP programs, as these types of rapid developments change user behaviors,” said Kalember. “Strategies such as implementing purpose-built DLP platforms can help advance security programs by enabling security teams to gain full user and data visibility into all incidents and address the full spectrum of human-centric data loss scenarios. Humans are a critical data security variable—and data loss prevention programs must recognize this.”

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Bybit opens global headquarters in Dubai on the heels of 50% increase in user base

DIFC Courts reinforces its commitment to sustainability following expansion of its digital infrastructure

NETSCOUT adds new data centre presence in Dubai with added Arbor Cloud Capabilities

Dubai ranks as the second most crypto-ready city in the world

LinkShadow reinforces its commitment to Saudi Arabia

Huawei Cloud’s Riyadh launch boosts Saudi tech advancement

Cisco unveils new data centre to enhance security services in Saudi Arabia

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Google Cloud announce significant new collaboration with Saudi Pharmaceuticals giant

KROHNE delivers insights to inspire the next generation of engineers in Oman

Oracle supports major project to accelerate Oman digital economy

Ooredoo accelerates cybersecurity in Oman with new deal

Omantel selects Ericsson to manage its nationwide multi-vendor networks

Oman TRA shares plans to accelerate 5G deployment

BDB launches “tijara” platform for SMEs

Bahrain achieves full nationwide 5G coverage

Batelco, SonicWall launch integrated security solutions for SMEs in Bahrain

Bahrain to offer COVID-19 test results on WhatsApp, Facebook Messenger

Infor supports Bahrain’s digital transformation

Infopercept opens its first Middle East office in Kuwait

Microsoft Compliance Manager now available in Kuwait

Commercial Bank of Kuwait gets mobile payments moving with Thales Digital Solutions

Ooredoo chooses Fortinet to deliver secure SD-WAN managed services in Kuwait

Zain rolls out first-ever 5G roaming service in MENA

Looking for the best label solutions in South Africa? Go OKI!

OKI is only going bigger in the South African market!

Huawei honours Women in Tech at Apps UP 2022

Amazon payment services launches in the MENA region

Egypt turns to AI to deliver COVID-19 diagnosis service to People of Determination

Vertiv extends partnership with MDS SI Group to enhance digital infrastructure solutions

Bosch sees 21% sales surge in the Middle East

“AI has been in Google’s DNA from the beginning – we are an AI-first company” – Tarek Khalil, Google Cloud

How companies can future-proof their business with Web3

“Diversity, equity and inclusion are a core part of our culture and values at AWS” – Yasmine Afifi

Gender Lens investing vital to economic recovery

Virgin Hyperloop unveils location for Hyperloop certification centre

TikTok taps Oracle as secure cloud provider

Zoom gets security boost with Keybase acquisition

Why collaboration is the answer to the successful roll-out of 5G

OPSWAT invests $10 Million in scholarship learning program to help close cybersecurity skills gap

Alef Education showcases the Alef Metaverse to improve climate education at COP28

Bybit and AUS unveil the tech talents of tomorrow

How digital education solutions can help students achieve their full learning potential

Seeds for the Future 2023: Huawei gathers ME & CA’s brightest ICT talent in Qatar

Huawei launches ground-breaking solar inverter at World Future Energy Summit

Middle East Energy to further boost their sustainability agenda

EDF UK selects Dynatrace to keep the power flowing

KROHNE harnessing the power of analytics to drive energy transformation

“All of us are pulling in the right direction for a better tomorrow” – Frank Janssens, VP at KROHNE

Above and ‘Beyon’ – New Money SuperApp launched in the UAE

New cross-border payments platform Digit9 launches in the UAE

Hub71 partners with global economic transformation specialist on MENA start-up ecosystem

Spheroid Universe coin to be listed on MEXC exchange

DIFC Innovation Hub launches AccelerateHER program

Innovating Finance: UAE’s Pioneering Role in the Blockchain and Crypto Landscape

Pioneering Sharjah’s Digital Revolution

Interview: Shaping a Secure World

Dubai Chamber of Digital Economy scouts Asia for tech start-ups

Government leaders from IT sector honoured at GovTech Innovation Awards

Dubai Science Park study backs R&D localisation amid projected surge in UAE healthcare spending

MarkiTech expands GCC footprint

MoHAP Launches Health Sector’s First National Centre of Excellence for AI

Korian Benelux future-proofs residential Care with AI-driven solutions

SAS accelerates responsible innovation efforts with new collaborations

Digitalisation key to accelerating construction development in Middle East, says Trimble

R&M Introduces First Single Pair Ethernet System to Support Middle East Smart Building Trend

To ‘upsmart’ your building, start with the elevator

Renters searching for homes online surge amid coronavirus fears

Emirati tech entrepreneur launches new app to ease Dubai’s rental woes

Brands Beware: The Application Generation Demands Seamless Digital Experiences

Opinion: Brands must respond to meet heightened customer expectations

Thriwe: Enhancing the Omni-channel experience

Navigating the Festive Cyber Landscape: Ensuring Online Safety during Holiday Shopping

Celebrate the Dubai Shopping Festival with Eros Electronics’ exclusive deals

Interview: OTIFYD’s intelligent approach to cybersecurity

Extreme Introduces Hub for Research, Development and Innovation in Networking

Interview: AI continues to strengthen cyber defence

Help AG Unveils Top Digital Threats and Trends in Cybersecurity

AVEVA launches CONNECT, the world’s leading industrial intelligence platform, at Hannover Messe