Businesses are leaving themselves open to the risk of data breaches by failing to adequately control privileged users, according to a report from HP and the Ponemon Institute.

The survey spoke to more than 5,000 IT operations and security managers across 13 countries and found that 52% are at least "likely" to be provided with access privileges beyond those that their job requires.

Of those workers that are trusted with privileged access rights, 64% claim they will access confidential data simply out of curiosity, while 68% believe they are "empowered" to access all the sensitive data they want.

According to HP "general business data" is most at risk of snooping, along with customer data, while mobile, social media and business unit specific applications were most targeted.

What really stands out from these results is the lack of control many organisations appear to have over user access rights. Just under one-third of respondents believe that access governance policies are in-place and are strictly enforced at their organisation.

Just 15% of companies admitted they could be confident that they are able to determine if a user is complaint with policies.

Many respondents said that the inability to keep up with change requests from users, inconsistent approval processes, high costs of monitoring and difficulty in validating access changes were creating a barrier to enforcing privileged user access rights.

"This study spotlights risks that organisations don’t view with the same tenacity as critical patches, perimeter defence and other security issues, yet it represents a major access point to sensitive information," said Tom Reilly, vice president and general manager, Enterprise Security Products, HP.

"The results clearly emphasise the need for better access policy management, as well as advanced security intelligence solutions, such as identity and privileged user context, to improve core security monitoring."