Companies Struggle to Build and Run Effective Programs to Protect Data From Insider Threats

“Data loss from insiders is not a new problem but it has become more complex. Our past research has focused on the key drivers of insider risk like workforce turnover and cloud adoption. This year, our goal was to understand the specific challenges security teams face when building and maintaining insider risk programs.

"The research reveals that both detection of and response to insider events have become more challenging. Organizations need to re-evaluate their approach to insider risk to ensure the technology and programs in place are effective, and that they drive cultures where employees make safer and smarter decisions about data."

• 86% of respondents said an insider event would impact company culture, compared with 72% from the prior year's report.
• Impacts around employee acquisition/retention increased from 72% to 79% from last year’s report, an indication that insider risk is “deeply intertwined” with a company’s culture.

• Respondents said there would be a major or moderate impact on revenue (88%) and reputation (88%) following an insider risk event.
• Respondents rank "accidental" as the top incident they’re most concerned about, followed by malicious and negligent.
• Respondents concerned with accidental events increased year-over-year while those concerned with "negligent" events decreased.

• CISOs are hyper aware of the growing challenges associated with managing insider risk, with 82% indicating that data loss from insiders is a problem for their company.
• With 76% of CISOs anticipating data loss from insider events to increase at their company in the next 12 months, many are re-evaluating the current approaches, technologies and processes they have in place.
• 79% of CISOs feel they could lose their job from an unaddressed insider breach due to the impact it would have on corporate culture, reputation and financial standings.
• CISOs ranked insider risk (27%) as the most difficult type of threat to detect at their company, placing it above cloud data exposures (26%) and malware/ransomware (22%).
• 79% of CISOs do not feel the leadership team (board, C-suite) places enough attention on data loss from insiders.

• 70% of companies have an IRM program in place, but 85% of companies said they still face technology and visibility challenges when it comes to protecting against exploitation by insiders.
• Only 19% of companies’ global cybersecurity budget is dedicated to detecting, investigating, responding and mitigating insider risk despite it being the hardest threat to detect.
• 69% of respondents indicate that their budget for insider risk management will increase over the next year.
• Companies are leveraging multiple technologies to protect and manage insider risk, with 90% using a combination of IRM, data loss prevention, cloud access security broker and user and entity behavior analytics to protect data from exfiltration by insiders.

• The frequency of cybersecurity training has increased over time, with 30% of companies now conducting training weekly compared with 22% in last year’s report.
• 93% of CISOs agree that the new hybrid-remote workforce has increased the need for data security training in their company.
• Those organizations conducting training weekly are more likely to say a complete overhaul is needed than those conducting it monthly (22% vs. 10%, respectively).
• The companies conducting monthly security training dropped from 32% to 27% year over year, with data indicating that more organizations are providing weekly training.