Companies struggle to protect against insider risks
Although more than 70 percent of companies say they have an insider risk management (IRM) program in place, the same companies experienced a year-on-year increase in data loss incidents of 32 percent, according to a new report from Code42 Software.
Based on a survey of 700 cybersecurity leaders, cybersecurity managers and cybersecurity practitioners in the US, conducted by Vanson Bourne, the report shows 71 percent expect data loss from insider events to increase in the next 12 months.
"Data loss from insiders is not a new problem but it has become more complex. Our past DER (Data Exposure Report) research has focused on the key drivers of Insider Risk like workforce turnover and cloud adoption. This year, our goal was to understand the specific challenges security teams face when building and maintaining Insider Risk programs," says Joe Payne, Code42 president and CEO. "The research reveals that both detection of and response to insider events has become more challenging. Organizations need to re-evaluate their approach to Insider Risk to ensure the technology and programs in place are effective, and that they drive cultures where employees make safer and smarter decisions about data. At Code42, we are focused on partnering with our customers to help them achieve this level of maturity."
Insider risk has an impact across the whole organization and is no longer limited to the cybersecurity team. 86 percent of respondents say an insider event would impact their company culture, compared with 72 percent the year before. Similarly, impacts around employee acquisition/retention have increased from 72 percent to 79 percent.
The report shows 82 percent of CISOs say that data loss from insiders is a problem for their company. With 76 percent anticipating data loss from insider events to increase at their company in the next 12 months, many are re-evaluating the current approaches, technologies and processes they have in place.
Some 79 percent of CISOs feel they could lose their job from an unaddressed insider breach due to the impact it would have on corporate culture, reputation and financial standings. CISOs also rank insider risk (27 percent) as the most difficult type of threat to detect at their company, placing it above cloud data exposures (26 percent) and malware/ransomware (22 percent).
The role of training in combating the problem is also highlighted. 93 percent of CISOs agree that the new hybrid/remote workforce has increased the need for data security training in their company.
You can read more and get the full report on the Code42 blog, and there will be a webinar to discuss the findings on April 6 at 1pm CST.