Companies Struggle to Protect Data From Insider Threats

Code42 Software Inc., an insider risk management (IRM) company, released its Data Exposure Report for 2023. The study, conducted by independent enterprise technology market research expert Vanson Bourne, found insider risk is emerging as one of the most challenging threats to detect, mitigate and manage.

Although more than 70 percent of companies indicate they have an IRM program in place, the same companies experienced a year-on-year increase in data loss incidents of 32 percent, and 71 percent expect data loss from insider events to increase in the next 12 months.

With insider incidents costing organizations $16 million per incident on average, and CISOs stating that insider risks are the most challenging type of threat to detect, the report is a call to action for the security industry to ‘do better’ and help professionals solve this challenge.

“Data loss from insiders is not a new problem but it has become more complex. Our past DER research has focused on the key drivers of insider risk like workforce turnover and cloud adoption. This year, our goal was to understand the specific challenges security teams face when building and maintaining insider risk programs,” said Joe Payne, Code42 president and CEO. “The research reveals that both detection of and response to insider events has become more challenging. Organizations need to re-evaluate their approach to insider risk to ensure the technology and programs in place are effective, and that they drive cultures where employees make safer and smarter decisions about data. At Code42, we are focused on partnering with our customers to help them achieve this level of maturity.”

When compared with data from the company’s last report, the impact of insider risk is being felt across an organization and is no longer limited to the cybersecurity team. Eighty-six percent of respondents say an insider event would impact company culture, compared with 72 percent from the year prior. Similarly, impacts around employee acquisition/retention increased from 72 percent to 79 percent. This indicates that insider risk is an issue that is deeply intertwined with a company’s culture and has a significant impact on the business.

The study also found:

  • Respondents say there would be a major or moderate impact to revenue (88 percent) and reputation (88 percent) following an insider risk event.
  • When asked about the types of insider risk they’re most concerned about, respondents rank accidental as number one, followed by malicious and negligent.
  • Respondents concerned with accidental events increased year over year while those concerned with negligent events decreased.

CISOs are hyper-aware of the growing challenges associated with managing insider risk, with more than four in five (82 percent) CISOs indicating that data loss from insiders is a problem for their company. With 76 percent of CISOs anticipating data loss from insider events to increase at their company in the next 12 months, many are re-evaluating the current approaches, technologies and processes they have in place.

The study found:

  • 79 percent of CISOs feel they could lose their job from an unaddressed insider breach due to the impact it would have on corporate culture, reputation and financial standings.
  • CISOs ranked Insider Risk (27 percent) as the most difficult type of threat to detect at their company, placing it above cloud data exposures (26 percent) and malware/ransomware (22 percent).
  • Around four out of five (79 percent) CISOs do not feel the leadership team (board, C-suite) places enough attention on data loss from insiders.

While it’s promising to see that more than 70 percent of companies have an IRM program in place, 85 percent of companies note they face technology/visibility challenges when it comes to protecting against exploitation by insiders, suggesting that the programs in place are immature and ineffective.

The study also found:

  • Nineteen percent of companies’ global cybersecurity budget is dedicated to detecting, investigating, responding and mitigating insider risk despite it being the hardest threat to detect.
  • IRM budgets likely are insufficient as 69 percent indicate that their budget for insider risk management will increase over the next year.
  • Companies are leveraging too many technologies to protect and manage insider risk – with the majority (90 percent) using a combination of IRM, DLP, CASB and UEBA to protect data from exfiltration by insiders.

The frequency of cybersecurity training has increased with 30 percent of companies conducting training weekly compared with 22 percent in last year’s report. However, the data indicates that frequency alone is not effective in building resilience to Insider Risk. The quality of training is equally important and organizations must find a way to balance the two.

The study found:

  • The majority (93 percent) of CISOs agree that new hybrid-remote workforce has increased the need for data security training in their company.
  • Those organizations conducting training weekly are more likely to say a complete overhaul is needed than those conducting it monthly (22 percent vs. 10 percent respectively).
  • The companies conducting monthly security training dropped from 32 percent to 27 percent year over year, with data indicating that more organizations are providing weekly training.