cyber trends storage where security teams lack visibility .
• Despite an increase in cybersecurity concerns stemming from the surge in remote work , only 43 % of respondents report that improving technology for a remote / hybrid workforce is a top two priority for their company .
Culture of disconnect means ownership of insider risk remains vague
While almost all companies ( 96 %) experience challenges in protecting corporate data from insider risks , there is a disconnect between security leaders , practitioners , business leaders and the board that is preventing teams from accurately measuring the insider risk problem . This impacts how insider risk is quantified and presented to senior team members , including the board . The study also found :
• Nearly three-in-five ( 57 %) cybersecurity practitioners report that cybersecurity leaders don ’ t consult the team when making decisions about their company ’ s cybersecurity strategy .
• 56 % of cybersecurity leaders and practitioners agree that they feel like they don ’ t have a strong voice in business decisions made by the business leadership team .
• The vast majority ( 91 %) of respondents still believe that their companies ’ board requires more understanding of insider risk .
Companies are still adapting to new ways of working and it ’ s clear many organisations will be managing a hybrid workforce for the foreseeable future .
Sustained hybrid-remote work environments push organisations to re-evaluate security awareness training
Companies are still adapting to new ways of working and it ’ s clear many organisations will be managing a hybrid workforce for the foreseeable future . Hybrid-remote work heightens security challenges and many respondents ( 55 %) are concerned about employees becoming lax in their cybersecurity practices .
That number is even higher for those in the public sector ( 70 %). The data suggests that companies should examine the frequency , relevance and quality of their training protocol . The study also found :
• Almost all companies ( 96 %) believe they need to improve the data security training they give to employees .
• Nearly one-third of organisations ( 32 %) say they need to completely overhaul employee security training ; 63 % of those in the public sector are the most likely to hold this opinion .
Pre-IPO companies are making insider risk management a priority
Intellectual Property ( IP ) is one of the most valuable commodities of a company planning to file an initial public offering ( IPO ). That , combined with compliance regulations around security controls , means pre-IPO companies must take a closer look at their company ’ s vulnerability for insider risk events . Of all company stages , pre-IPO companies are the most likely to have an IRM program ( 77 %). The study found :
• 85 % of pre-IPO companies cite insider risk as a board-level priority and 82 % indicate insider risk is discussed at every board meeting .
• Regardless of company maturity , reputational damage as a result of insider risk events is the number one concern across all organisations .
• Loss of IP / customer data is more likely to be a fear for 51 % of companies that have had a merger , acquisition or divestiture in the last 12 months than it is for companies that have one planned in the next 12 months ( 32 %). This may be due to the tendency of employees to depart companies post-merger and a fear of those employees taking company data with them when they do so .
The public sector and financial services industry are leading the way in IRM
The public sector ( 84 %) and financial services industry ( 76 %) have the highest percentage of organisations with an IRM program in place and devote the largest proportion of their cybersecurity budget ( 26 % and 24 %) to insider risk compared to the survey average of 21 %. The study also found :
• While 98 % of surveyed companies in the financial services industry report having fears regarding insider risk , all industries are concerned about the impacts of an insider risk incident .
• Media , leisure and entertainment companies have the smallest average budget allocated to mitigating insider risk ( 16 %).
• 58 % of companies within the public sector are planning to add new cybersecurity technologies to better monitor file movements . u
Methodology
Code42 commissioned independent market research agency Vanson Bourne to conduct the Data Exposure Research . The 2022 study surveyed 700 respondents from companies in the US in September and October 2021 . All interviews were conducted using a rigourous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate . www . intelligentciso . com
21