Employee mistakes were ranked as the highest risk in the 2019 Global Encryption Trends Study, though employee-owned devices on company networks deserve more security scrutiny.

When it comes to assessing security risks, exposure of sensitive data is most likely to result from human error when handling data and malfunctions of systems and processes designed to protect data, according to the 2019 Global Encryption Trends Study, published Thursday by nCipher Security and the Ponemon Institute. More than half (54%) of respondents indicated employee mistakes were the largest risk, while 30% cited system or process malfunction in the survey question, for which more than one choice was permitted.

These concerns outweigh those of targeted attacks by hackers and malicious insiders, with 30% of respondents citing hackers, 22% citing temporary or contract workers, and 21% citing malicious insiders, the report found. Third-party service providers were cited by 19% of respondents. Concerns of government interference—both lawful and eavesdropping—were not priority concerns, cited by only 11% and 12%, respectively.

SEE: Windows 10 security: A guide for business leaders (Tech Pro Research)

Motivation for encrypting data is equally split between protecting the intellectual property of the organization and protecting the sensitive personal information of customers, with 54% of respondents citing those factors as the main drivers for deploying encryption. Protecting against specific, identified threats followed closely at 51%, while 46% cited compliance “with external privacy or data security regulations and requirements.”

Prioritizing encryption surfaces emerging security risk

Overextended IT workers inevitably must prioritize what they view to be the highest-risk technologies, and work to secure them. These highest-risk items are what you would suspect—Internet communications, databases, and backups/archives comprise are the top three. At the very bottom of the list are Internet of Things (IoT) devices and platforms, at 52% and 50%, respectively.

With the proliferation of both IoT devices in general and in the workplace, as well as the ubiquity of employee-owned devices in workplaces and BYOD policies, IT departments are being made responsible for ensuring the security of these devices.

Demand for IoT security solutions is anticipated to drive that market to $9.88 billion by 2025, according to a report from Grand View Research late last year. Likewise, an abundance of high profile IoT security breaches in 2018 should make IT security professionals take a second look at what devices are brought onto their networks by employees.

For more on the risks of data breaches, learn why 61% of CIOs believe employees maliciously leak data, and 3 security threats businesses need to prepare for by 2021.