Employees have replaced hackers as the most likely source of data theft in companies around the world. A PricewaterhouseCoopers survey of 7,200 senior corporate officers from more than 100 countries found that 69 per cent of respondents believed that employees and former employees were the most likely source of internal information being compromised. Only 41 per cent thought that hackers were the most likely source. The accounting company's fifth annual Global State of Security Study 2007 also found that the most routine breaches occurred through e-mail and abused corporate user log-on accounts, but only half of the respondents employed any safeguard against this. The figure was 70 per cent for employees and former employees in the mainland compared with 56 per cent for hackers. But Kenneth Wong King-sun, a partner for the firm's systems and process assurance practice in Hong Kong, said that the survey results highlighted growing awareness of data theft by employees rather than any real rise in actual incidents by workers. 'This was a big surprise for us. People working in the security industry all know that the threat from employees has always been there, it's just a question of whether people are aware of this particular threat and whether they were measuring it.' He also attributed this increase in awareness to several high-profile incidents around the world where crucial credit and private information from corporate databases were accidentally made public or lost. 'People are more concerned about something potentially happening that might have been committed by employees,' Mr Wong said. The concern is that employees are accessing the user accounts of their colleagues to steal confidential data which is then sold to rivals. 'It's not difficult. When we are hired by companies to do what we call penetration testing, in which we pretend to be an internal contractor, in around 80 per cent of the cases we were able to obtain some sort of confidential or sensitive data.' Mr Wong said while many companies had invested substantially in firewalls that blocked hackers in the internal computer networks there were still many loopholes and vulnerabilities that employees could exploit to access confidential data. He said that companies should heighten their data security safeguards, increase awareness among employees and provide transparent methods for staff to report breaches in security. The survey also found that the mainland lagged behind the rest of the world in terms of common privacy and information security safeguards. The survey found that only 31 per cent of respondents in the mainland conducted audits to identify potential vulnerabilities in computer networks compared with the global 42 per cent average.