At least 85% of organisations in South Africa experienced an internal information security incident last year, some of which led to sensitive data loss.

The Global Corporate IT Security Risks survey by the B2B International research agency and Kaspersky Lab found that the most common types of internal threats are vulnerabilities or flaws, and loss or theft of mobile devices by staff.

Most companies around the globe understand the importance of IT security preventive measures and implement them to varying degrees. In order to minimise internal security risks, 52% of the organisations surveyed in South Africa have network structures that, for example, separate mission-critical networks from other networks and 66% use different levels of access privilege to IT systems.

However, many companies admit that existing measures are insufficient and some are increasingly implementing new security solutions which could enforce policies and provide additional protection from data loss.

For instance, less than half the companies surveyed locally use application control, device control or an anti-malware agent for mobile devices. Even fewer organisations in South Africa have implemented a mobile device management solution (18%) or encryption on removable devices (32%).

Another problem is that employees do not always comply with existing corporate security policies, and less than half of the companies locally (41%) have clearly outlined sanctions and disciplinary procedures for when IT security policies are breached. Meanwhile, 43% of the companies surveyed feel that security policies are valued by the staff.

Moreover, the Global Corporate IT Security Risks 2013 survey results demonstrate that small and medium-sized businesses worldwide have an even lower level of security solution implementation than enterprise-sized companies.