The biggest data breach threats to credit unions may be internal, accordingto a recent survey. “Insider Threats and the Need for a Fast andDirected Response” showed that 74% of tech personnel suffer fromstaff risk concerns that carry over to their institutions.

The survey, conducted by the SANS Institute and sponsored byVero Beach, Fla. behavior analysis software vendor SpectorSoft,took place between December 2014 and January 2015. It usedresponses from 772 IT professionals representing a cross-section ofindustries and organizations from technology, government,financial, education and healthcare sectors.

According to a SpectorSoft press release, survey resultsindicate that most organizations have gaping security holes when itcomes to protecting themselves against insider threats. In fact,32% have no ability to prevent an insider attack, puttingthemselves at severe risk for significant data loss as well asdamage to their brand and reputation. What's worse is they knowit's a serious priority – almost all respondents say they'reconcerned that insiders could be detrimental to theirorganizations.

Although organizations know insider attacks pose a salientthreat, spending on insider threat defenses falls short. Without acomprehensive understanding of what they are spending to preventthe problem, it is likely that organizations also will not knowwhat insider threat defenses they lack, or where they can investfurther to fill in security gaps and bolster protection against apotential insider attack.

Other results of the survey include: 44% of respondents saidthey don't know how much they currently spend on solutions thatmitigate insider threats; 45% don't know how much they plan tospend on insider threat technology in the next 12 months; 52% ofrespondents cannot size the potential damage; and 44% do not knowwhat they are spending to address the threat.

As awareness of data loss gains momentum, more organizations arestarting to understand the importance of incident response plans,with 69% of respondents maintaining that they currently have one inplace.

Causes behind these security gaps are numerous, with respondentsciting lack of training, lack of budget and lack of internal staffas the three most significant reasons for lack of insider threatdefenses. However, in addition to budget and staffing woes, 28% ofall respondents claim that insider threat detection and preventionis not even a priority in their organizations.

In addition, the majority of credit unions have serious securityconcerns regarding insider threats, according to the results of asurvey conducted by Westport, Conn.-based Awareness Technologies inpartnership with the CUNA Strategic Services.

Results indicated that 83% of surveyed financial institutionsadmit a big concern about confidential information transferred tounauthorized recipients, while another 52% are worried aboutsensitive data transferred by use of removable media.

Even more concerning, 77% of all credit unions surveyed saidthey do not believe or were unsure if they had complete protectionregarding internal datathreats. However, 62% stated they already have securitycontrols in place.

In addition, at an international gathering of IT security prosattending the E-Crimes Congress in London,, a survey conducted bysecurity solutions provider Websense found a sizable majority (70%)believe the CEO is ultimately responsible in the event of a databreach, followed by those who believe responsibility lies with thechief security officer (13%), board members other than the CEO orCSO (9%), the IT department (5%) and the individual employeeinvolved (4%).