Re-evaluating immature and ineffective insider risk management programs
Managing insider risk is becoming increasingly difficult. In fact, insider risk is emerging as one of the most challenging threats to detect, mitigate and manage, according to Code42.
Although more than 72% of companies indicate they have an Insider Risk Management (IRM) program in place, the same companies experienced a year-over-year increase in data loss incidents of 32%, and 71% expect data loss from insider events to increase in the next 12 months.
With insider incidents costing organizations $16M per incident on average, and CISOs stating that insider risks are the most challenging type of threat to detect, the report is a clear call to action for the security industry to ‘do better’ and help professionals solve this challenge.
“Data loss from insiders is not a new problem but it has become more complex. Our past research has focused on the key drivers of insider risk like workforce turnover and cloud adoption. This year, our goal was to understand the specific challenges security teams face when building and maintaining insider risk programs,” said Joe Payne, Code42 CEO.
“The research reveals that both detection of and response to insider events have become more challenging. Organizations need to re-evaluate their approach to insider risk to ensure the technology and programs in place are effective, and that they drive cultures where employees make safer and smarter decisions about data. At Code42, we are focused on partnering with our customers to help them achieve this level of maturity,” Payne continued.
Insider risk is a cultural issue, not just a cybersecurity one
Compared with data from Code42’s previous report, the impact of insider risk is now being felt across the whole organization and is no longer limited to the cybersecurity team. 86% of respondents say an insider event would impact company culture, compared with 72% the year prior.
Similarly, impacts around employee acquisition/retention increased from 72% to 79%. This indicates that insider risk is an issue that is deeply intertwined with a company’s culture and has a significant impact on the business.
The researchers have found:
- Respondents say there would be a major or moderate impact on revenue (88%) and reputation (88%) following an insider risk event.
- When asked about the types of insider risk they’re most concerned about, respondents rank accidental as number one, followed by malicious and negligent.
- Respondents concerned with accidental events increased year-over-year while those concerned with negligent events decreased.
Insider risk is a top concern for CISOs
CISOs are hyper-aware of the growing challenges associated with managing insider risk, with 82% of CISOs indicating that data loss from insiders is a problem for their company.
With 76% of CISOs anticipating data loss from insider events to increase at their company in the next 12 months, many are re-evaluating the current approaches, technologies and processes they have in place.
The study found:
- 79% of CISOs feel they could lose their job over an unaddressed insider breach because of the impact it would have on corporate culture, reputation and financial standing.
- CISOs ranked insider risk (27%) as the most difficult type of threat to detect at their company, placing it above cloud data exposures (26%) and malware/ransomware (22%).
- Around four out of five (79%) CISOs do not feel the leadership team (board, C-suite) places enough attention on data loss from insiders.
Effectively managing insider risk requires the right technology and budget
While it’s promising to see that more than 70% of companies have an IRM program in place, 85% of companies note they still face technology and visibility challenges when it comes to protecting against exploitation by insiders, suggesting that the programs in place are immature and ineffective.
The study also found:
- Only 19% of companies’ global cybersecurity budget is dedicated to detecting, investigating, responding to and mitigating insider risk, despite it being the hardest threat to detect.
- Current IRM budgets are likely insufficient as 69% indicate that their budget for Insider Risk Management will increase over the next year.
- Companies are leveraging multiple technologies to protect against and manage insider risk – with the majority (90%) using a combination of IRM, DLP, CASB and UEBA to protect data from exfiltration by insiders.
As the need for data security training increases, the quality of training matters just as much as its frequency
The frequency of cybersecurity training has increased over time, with 30% of companies now conducting training weekly compared with 22% in last year’s report. However, the data indicates that frequency alone is not effective in building resilience to insider risk.
The quality of training is equally important and organizations must find a way to balance the two.
The study found:
- The majority (93%) of CISOs agree that the new hybrid-remote workforce has increased the need for data security training in their company.
- Those organizations conducting training weekly are more likely to say a complete overhaul is needed than those conducting it monthly (22% vs. 10% respectively).
- The companies conducting monthly security training dropped from 32% to 27% year over year, with data indicating that more organizations are providing weekly training.