A new IDC survey of business has found that the fear of data ‘leaking' from companies is now so commonplace it has eclipsed worries over traditional threats such as external hacking.

The commonest ‘very likely' or ‘likely' security worries reported by the 407 companies with more than 500 employees from 18 countries around the globe (including 53 from the UK), were loss of laptops and PCs and being hit with spam, which worried around 55 percent and 45 percent of respondents, respectively. Viruses and other types of malware were not far behind.

But garnering high levels of worry were internal and unintentional theft and loss of data by employees, something which reflects changing assumptions about the trustworthiness and reliability of the office workforce. Almost two thirds reckoned their companies would be hit by some form of data loss caused by staff.

Malicious exposure, specifically, was said to be likely by around 35 percent of those asked, way ahead of hacking from outside sources, cited by under 20 percent of respondents. When asked about the impact of internal security breaches, the answers admit that deliberate acts almost certainly come at considerable cost, with 40 percent or more agreeing that it would be ‘destructive' or ‘significant'.

Insiders know where to look, what is valuable, and will often have the access to steal data without being detected, all of which adds up to a major headache for companies looking to meet compliance regimes. Interestingly, other findings included the not very surprising one that the global movement to create compliance regimes are resented by companies, which buy them only grudgingly.

Data loss and protection (DLP) products will likely be the big winner from all of this angst about the silent-but-deadly cubicle hackers, though it is less clear how it will be afforded. Forty-one percent of those surveyed had chopped spending with security the one shining spot, with 36 percent actually planning to pump more money into that area of their operation.

When all else fails, "cost cutting in security must be a decision based on risk management. In other words, make a decision based on how a delayed investment will impact the security posture, as well as the potential ‘cost' of not investing in security," notes the report, tartly.

The 2009 Global IT Security Research Results Summary was carried out by Dimension Data.