Enterprises are not investing enough of their resources in protecting against the theft of valuable intellectual property, instead concentrating too much on compliance efforts, a new report from Forrester Consulting concludes.

The survey, commissioned by RSA and Microsoft and released Monday, found that information security investments are “overweighed” toward compliance endeavors, which aim to safeguard customer, medical and payment card information. Meanwhile, for many organizations, investments to protect corporate secrets are insufficient, said the survey, which polled 305 IT security decision-makers worldwide

Employee-related accidents, such as lost phones or laptops, cost organizations much less money in damages than incidents of malicious theft by insiders and third parties, the study found. However, security “best practices” such as full-disk encryption and data leak prevention policies, are most often designed to reduce the impact of employee accidents and the frequency of data breaches involving customer information. They are less often used to prevent theft, the survey found.

Enterprises should instead, focus more of their resources on preventing insider theft and abuse by outsiders, the survey states.

This story is available in full from SC Magazine.