entertaining statistics on insider threats from Code42

According to the recently published annual report companies Code42, insider threats , that is, the risks of leaking confidential information, have recently become one of the most difficult threats to detect, manage and mitigate. That is why it is high time for companies to focus on the effective management of insider risk (IRM).

Although more than 72% of companies surveyed by Code42 indicate that they have an IRM program, the number of data loss incidents is only increasing year by year. With insider incidents costing large organizations an average of $16 million per incident, and the increasing complexity of managing such risks effectively, companies need to develop better strategies to mitigate these types of risks.

The majority of respondents (88%) agreed that insider threat incidents have a significant or moderate impact on a company’s revenue and reputation. The number of respondents concerned about accidental data leaks has increased compared to last year. But the number of respondents concerned about cases of leaks due to negligence, on the contrary, has decreased.

CIOs are well aware of the growing challenges associated with managing insider risk: more than four out of five (82%) CIOs indicated that the leakage of sensitive confidential information is a pressing issue for their company. With 76% of CSOs surveyed expecting data loss from insider threat incidents to increase, many of them are already reviewing existing approaches, technologies and processes to better manage these risks.

79% of CIOs believe they could lose their jobs due to a missed insider breach. Insider threats were surveyed as the most difficult threat type to detect (27%), followed by cloud security threats in second place (26%) and malware and ransomware third (22%). About four out of five (79%) chief information security officers do not believe that the company’s management pays enough attention to data breaches.

While over 70% of companies have an IRM program, 85% of companies say they still face technology and privacy issues when it comes to protecting data from insider exploitation. This fact suggests that existing IRM programs are extremely ineffective.

The study also showed that only 19% of the global budget of companies allocated to cybersecurity is directed to the detection, investigation, response and prevention of insider threats. Despite the fact that this is the most difficult threat to detect.

Special attention should be paid to the regular study of the basics of cybersecurity with the employees of the enterprise. 30% of companies surveyed now provide cybersecurity risk training on a weekly basis, up from 22% last year. However, data show that frequency alone is not effective in increasing resilience to insider risk. The quality of training is just as important, and organizations must find a way to balance the two.

Thus, the issue of insider threats is extremely acute for the majority of surveyed companies. Despite regular employee training, the development of various IRM programs, and increasing budgets to combat this type of risk, the problem of confidential data leaks is still relevant. Probably, no one will ever be able to solve it completely, because the root of insider threats is primarily the human factor.