@AC 11:59 re. uncompressible
"..From my records, it's an uncompressible percentage,..."
What records are these?...if you can tell us without uncloaking your AC status.
I'd have thought that if you got rid of the 'type of person' who did this, by firing them, then you would reduce the number of incidents and hence the percentage?
More study is needed as to why they carried out an unauthorised access that was deemed so serious as to be a dismissal offense. If it was for criminal or fraudulent gain then getting rid of them would flush the system of undesirable types. If however the access was motivated by simple human curiosity then that cannot be removed from the system. We'll probably never know the details of the nature of these unauthorised accesses.
""The fact that the systems IPS has in place have identified just 16 instances of unauthorised access over the past three years, and these resulted in 14 dismissals, is testament to the way in which the agency protects its data...."
They need to learn that detecting only 16 instances does NOT mean that only 16 instances occurred. They, and all organisations, need independent oversight, checking and testing, carried out by an external organisation. This will not happen due to entrenched interests and arse covering political/power structures - same as it ever was and it will get worse.