When losses were discovered, careless employees were the primary cause 56 percent of the time. The next most common cause, at 37 percent, was lost or stolen devices, followed by third party mistakes at 35 percent. Outside attackers were responsible for only 22 percent of breaches. Respondents were able to select multiple answers.
This is very different from the latest Verizon Data Breach Investigations report, which showed that more than 80 percent of all breaches were due to malicious outsiders.
However, the Ponemon study focuses specifically on the loss of high-value company documents, rather than more general breaches, such as stolen credit card numbers. In addition, the Verizon report is based on reports from police and forensics investigators who are most likely to be called in for a breach by outsiders.
"When it's internal, that kind of data breach is not necessarily one where you would contact the FBI," said Larry Ponemon, chairman and founder at Ponemon Institute.
In addition, while regulators require companies to report the loss of personally identifiable information, that typically doesn't apply to sensitive internal documents such as financial reports or trade secrets.
"We know that a lot of data breaches don't get disclosed," Ponemon said.
Sign up for CIO Asia eNewsletters.