Insider risk is emerging as one of the most challenging threats for organizations to detect, mitigate and manage, Code42 Software said in its annual Data Exposure Report for 2023.
700 Cyber Leaders Surveyed
To compile data for the study, the Minneapolis, Minnesota-based company surveyed some 700 cybersecurity leaders, managers and practitioners from U.S. companies with 500 or more employees. Although more than 72% of companies indicate they have an insider risk management (IRM) program in place, the same companies experienced a year-over-year increase in data loss incidents of 32%. More than seven in 10 (71%) expect data loss from insider events to increase in the next 12 months.
Insider incidents are costing organizations $16 million per incident on average, and chief information security officers (CISOs) say that insider risks are the most challenging type of threat to detect. Accordingly, Code42 positioned the report as a “clear call to action” for the security industry to help professionals solve this challenge.
Commenting on the findings, Joe Payne, Code42 president and chief executive, said:
“Data loss from insiders is not a new problem but it has become more complex. Our past research has focused on the key drivers of insider risk like workforce turnover and cloud adoption. This year, our goal was to understand the specific challenges security teams face when building and maintaining insider risk programs.
“The research reveals that both detection of and response to insider events have become more challenging. Organizations need to re-evaluate their approach to insider risk to ensure the technology and programs in place are effective, and that they drive cultures where employees make safer and smarter decisions about data.”
Security Landscape Examined
Here are some results from the study:
On company cybersecurity culture...
- 86% of respondents said an insider event would impact company culture, compared with 72% from the prior year's report.
- Respondents expecting an impact on employee acquisition/retention increased from 72% in last year’s report to 79%, an indication that insider risk is “deeply intertwined” with a company’s culture.
On the impact of an insider cyber incident...
- Respondents said there would be a major or moderate impact on revenue (88%) and reputation (88%) following an insider risk event.
- Respondents rank “accidental” as the type of incident they are most concerned about, followed by malicious and negligent.
- The share of respondents concerned with accidental events increased year-over-year, while the share concerned with “negligent” events decreased.
On insider risk and CISOs...
- CISOs are hyper-aware of the growing challenges associated with managing insider risk, with 82% indicating that data loss from insiders is a problem for their company.
- With 76% of CISOs anticipating data loss from insider events to increase at their company in the next 12 months, many are re-evaluating the current approaches, technologies and processes they have in place.
- 79% of CISOs feel they could lose their job over an unaddressed insider breach because of the impact it would have on corporate culture, reputation and financial standing.
- CISOs ranked insider risk (27%) as the most difficult type of threat to detect at their company, placing it above cloud data exposures (26%) and malware/ransomware (22%).
- 79% of CISOs do not feel the leadership team (board, C-suite) places enough attention on data loss from insiders.
On risk management technology, budget...
- 70% of companies have an IRM program in place, but 85% of companies said they still face technology and visibility challenges when it comes to protecting against exploitation by insiders.
- Only 19% of companies’ global cybersecurity budget is dedicated to detecting, investigating, responding to and mitigating insider risk, despite it being the hardest threat to detect.
- 69% of respondents indicate that their budget for insider risk management will increase over the next year.
- Companies are leveraging multiple technologies to protect against and manage insider risk, with 90% using a combination of IRM, data loss prevention, cloud access security broker and user and entity behavior analytics tools to protect data from exfiltration by insiders.
- The frequency of cybersecurity training has increased over time, with 30% of companies now conducting training weekly compared with 22% in last year’s report.
- 93% of CISOs agree that the new hybrid-remote workforce has increased the need for data security training in their company.
- Those organizations conducting training weekly are more likely to say a complete overhaul is needed than those conducting it monthly (22% vs. 10%, respectively).
- The share of companies conducting monthly security training dropped from 32% to 27% year over year, with the data indicating that more organizations are moving to weekly training.