As businesses spend billions of dollars a year trying to protect their data from hacking that’s costing trillions, they face another threat closer to home: data theft by their own employees.

That’s one of the findings in a survey to be published today by management consultant Accenture Plc and HfS Research.
Of 208 organizations surveyed, 69 percent “experienced an attempted or realized data theft or corruption by corporate insiders” over the past 12 months, the survey found, compared to 57 percent that experienced similar risks from external sources. Media and technology firms, and enterprises in the Asia-Pacific region reported the highest rates – 77 percent and 80 percent, respectively.

“Everyone’s always known that part of designing security starts with thinking that your employees could be a risk but I don’t think anyone could have said it was quite that high,” Omar Abbosh, Accenture chief strategy officer, said in an interview in Tel Aviv, where he announced Accenture’s purchase of Maglan Information Defense & Intelligence Group, an Israeli security company.

Each year, businesses currently spend an estimated $84 billion to defend against data theft that costs them about $2 trillion – damage that could rise to $90 trillion a year by 2030 if current trends continue, Abbosh forecast. He recommended that corporations change their approach to cyber security by cooperating with competitors to develop joint strategies to outwit increasingly sophisticated cyber criminals.

“There’s a huge business rationale to share and collaborate,” he said. “If one bank is fundamentally breached in a way that collapses its trust with its customer base, I could be happy and say they’re all going to come to me, but that’s a false comfort” because “it pollutes the whole sphere of customers because it makes everyone fearful,” he said.

Despite recent high-profile data breaches of Sony Corp., Target Corp. and the U.S. Office of Personnel Management, many corporations do not yet consider cyber security a top business priority, Accenture found.

Seventy percent of the survey’s respondents said they lacked adequate funding for technology, training or personnel needed to maintain their company’s cyber security, while 36 percent said their management considers cyber security “an unnecessary cost.”