An Analysis of Document Security Statistics

This analysis is compiled by our team of expert researchers in order to help businesses understand the different types of document security risks as well as the options available to ensure that these dangers are curbed.

As experts in SaaS media, we understand the need to keep up to date with the latest information in the industry, as well as ensure excellence and confidentiality our work. As so much of our data (across industries) is now online or stored digitally, the need to protect them is high.

The first step to achieving this is, however, to understand what the risks to document security are (in various forms), what measures can be taken to avoid these risks and how to implement them, and what other businesses did when they encountered a breach of document security.

Megon Venter

B2B SaaS Content Writer

Megon is a B2B SaaS Content Writer with 7 years of experience in content strategy and execution. Her expertise lies in the creation of document management tutorials and product comparisons.

Prevalent Threats to Document Security

There are several possible threats to document security. As we have established above, when referring to documents, we are mainly speaking about digital files and information or physical data that has been digitized.

The risks to document security can be divided into two overarching groups: mainly digital and online attacks or breaches and physical threats where data is taken or tampered with.

• According to the Hiscox Cyber Readiness report, 70% of organizations in Ireland reported being a victim of a cyber attack in the past year. This is classified as any attack that came from ransomware or phishing, amongst other examples.
  
  
• The IMF's Global Financial Stability Report in 2024 stated that cyber attacks have resulted in a $12 billion in direct losses to financial firms.
  
  
• A study conducted in 2023 by Thales Cloud Security found that human error was reported as the leading cause of cloud data breaches in 55% of cases. This suggests a need for better Cloud protocols and management practices.

The concept of social engineering is an interesting concept as it blurs the line between human intervention and digital breaches.

DEFINITION: Social Engineering in Software Theft

A process that involves baiting employees to gain access to sensitive documents. This can be through an attempt to reveal confidential information through sending the information or filling in a form through a link.

Another vulnerable area for a lot of businesses that involves the cloud is lack of encryption. This way of securing files with a type of password protection stops the interception of important information to storage or the access of it via vulnerable databases. For businesses seeking to improve their email security and protect against phishing, using an SPF generator can be a helpful tool to ensure emails are properly authenticated.

• Data by Thales Group suggests that over 60% of organizations do not encrypt sensitive information stored in databases.
  
  
• Furthermore, research done by Kaspersky in 2023 shows that 85% of companies globally have experienced cyber incidents. These software vulnerabilities can be attributed to a lack of proper updates and relevant anti-virus software.
  
  

"Often, organizations lose visibility into where sensitive data resides, who uses it, and whether it remains protected. In response, malicious actors have turned their attention to the cloud, looking to steal sensitive corporate and personally identifiable information."

Sharon Farber

Data Security Expert

Source: Palo Alto Networks

Lastly, we can look at what threats face businesses in the physical realm. These are still important to those who rely on employees to store and sort through information for digitization and archiving, as these instances can happen before this point.

• A study by the Ponemon Institute found that insider threats were responsible for 34% data breaches, pointing to the fact that internal protocols may need to be strengthened.
  
  
• Data indicates that around 21% of data breaches involve physical device theft (such as printed documents or external hard drives. Apart from cyber security, security measures also need to be made to secure external devices and manage permissions for document sharing.
  
  

Read also some software piracy statistics.

Counter-Measures to Document Security Threats

There are certain measures every business can take towards becoming more au fait with security awareness.

Your employees do not need to be security experts in order to follow basic protocols that can make a massive difference to their document safety.

• Companies that encrypt their data are 50% less likely to experience data breaches, states the Thales Data Threat Report 2023.
  
  
• Implementing multi-Factor Authentication adds an additional level of protection as it can block 99.9% of automated attacks on accounts according to the 2021 Microsoft Security Intelligence Report.

Of course, much of the threats to document security, as mentioned above, can be attributed to human error. For this reason, it is vital to ensure that proper training and security awareness takes place.

• According to the 2022 Cybersecurity Awareness Report, companies with strong security training programs see 45% fewer security incidents.
  
  
• Regularly updated employee software is another way to avoid cyber criminals. The Ponemon Institute’s Cost of a Data Breach Report 2022 states that outdated software is responsible for 60% of data breaches.

Lastly, who is able to access certain information as well as when is a precursor to common types of data breaches.

• Organizations with strict access controls reported 40% fewer data leaks, as reported the Verizon 2022 Data Breach Investigations Report.

In connection with the activities of individuals managing documents in a business, we can further discuss the importances of security solutions when it comes to controlling access.

Case Study: Okta Data Breach

In this case study, the problem of access control is key to a security breach that occurs within an established business in the IT software industry. Read on to gain a better understanding of how security incidents like this can happen.

The Company

Okta, Inc. is a U.S.-based identity and access management company headquartered in San Francisco.

It offers cloud-based software solutions that help businesses manage and secure user authentication across applications.

"Firms are encountering a heightened vulnerability to cyber incidents because of the escalating prevalence of shadow IT among employees."

Alessandro Mascellino

Freelance Journalist

Source: Info Security Magazine

The Incident

An incident occurred attackers stole employee credentials in order to access Okta's support case management system.

Certain files uploaded by Okta customers to their support cases were then exposed – these "customers" being other business, who in turn are responsible for the security of many other individuals.

• According to a study conducted by Kaspersky, 77% of companies experienced at least one cyber incident in the past two years.
  
  
• Furthermore, they found that 26% of all cyber incidents in the past two years were caused by employees’ intentional violations of information security policies.

This breach of data shows how a simple service account being compromised can lead to further damage and affect an innumerable amount of other documents or accounts.

"Organizations need a way to detect unauthorized usage of service accounts. This can be, for instance,using behavioral analysis  of this service account and alerting on anomalies."

Tal Skverer

Tech Writer

Source: Astrix Security

Document security threats are evolving as cybercriminals become more sophisticated, but implementing the right counter-measures can help protect your sensitive information.

Encryption, access controls, multi-factor authentication, and employee training are some of the most effective methods to mitigate risks and safeguard documents.

Sources

• SonicWall Cyber Threat Report, 2022
• Thales Data Threat Report, 2023
• Microsoft Security Intelligence Report, 2021
• Verizon Data Breach Investigations Report, 2022
• Ponemon Institute’s Cost of a Data Breach Report, 2022
• KnowBe4 Cybersecurity Awareness Report, 2022
• Kaspersky The Human Factor 360 Report, 2023