Based on 326 cybersecurity professionals, this survey uncovers the trends around insider threats and how organisations respond. It found heightened concern over the insider threat risk.
- 74% of respondents feel moderately to extremely vulnerable to insider threats. 74% also say these attacks have become more frequent in the last 12 months.
- The most critical impacts of insider attacks were loss of critical data (45%), brand damage (43%), and operational disruption or outage (41%).
- The motivation for the insiders are monetary gains followed by the desire to cause reputational damage to the organisation.
- The types of insider threats people are most concerned with include compromised accounts, inadvertent data breaches (where the employee doesn’t know they have violated security policy), negligent data breaches (where a user ignores the policy but doesn’t have bad intentions), and malicious data breaches (deliberate with bad intentions).
- Security teams find it challenging to detect and prevent insider attacks, because perpetrators already have access to the network; because employees use apps like Dropbox or web email; and because employees are increasingly using their personal devices to access work information.
- 39% of organisations have established an insider threat program, with 46% aiming to do so in future. These programs are most often overseen by the CISO and IT Security Managers.
- To prevent insider attacks, full visibility and control across the entirety of apps, devices, and infrastructure is seen as important by 87% of respondents. 53% believe that detecting these attacks has become harder since moving to the cloud.
- A very common approach to combating insider threat is to monitor user behaviour: 86% of organisations monitor their user behaviour in some way.