Cyber attacks from external sources often gain attention, but most data loss incidents are caused by events such as employees’ mishandling of data, according to a new Forrester report [1]. Companies are also considerably more likely to lose data through the loss or theft of laptops and other devices, the report found.

Thirty-one percent of the more than 7,000 employees surveyed cited loss or theft as the reason for a breach. Twenty-seven percent cited inadvertent misuse by an employee. This was followed by external attacks, named 25 percent of the time.

Personally identifiable information (PII) and intellectual property were the types of data that was most likely to have been potentially breached. PII and intellectual property were named by 22 percent and 19 percent of respondents, respectively. Payment and credit card data was named 3 percent of the time.

The increasing popularity of devices such as smart phones, in addition to the use of consumer-oriented applications, are a significant security concern, the study notes. It also found that, though most employers have security policies in place regarding how such devices and applications are used, they either don’t have the tools to support policies or their tools are insufficient to do so. The study also found that just 35 percent of respondents said their companies required the use of passwords on devices.