Insider threats have become one of the most challenging issues for companies to detect and manage. The disclosure of confidential information has resulted in significant financial losses for large organizations, with each incident costing an average of $16 million. According to Code42’s recently released annual report, it is crucial for companies to focus on effective Insider Risk Management (IRM).
Although more than 72% of Code42 companies have an IRM program, incidents with data loss are increasing year over year. Thus, companies need to develop better strategies to prevent insider leaks. 88% of respondents in the Code42 survey agreed that insider incidents significantly affect their company’s income and reputation. Concern regarding random data leaks has also increased. In contrast, the number of respondents concerned about leaks due to negligence has decreased.
Information Security Directors are well aware of the risks associated with insider threats. In fact, 82% of Information Security Directors stated that the leakage of important confidential information is an urgent issue for their company, and 76% of them expect an increase in data loss due to insider incidents. Understanding the severity of this issue, many of them are already reviewing existing approaches, technologies, and processes to effectively manage such risks.
According to Code42’s survey, Insider Threats are the most challenging type of threats to detect (27%). Cloud safety threats (26%) come in second place, followed by malicious programs and extortion programs (22%). Surprisingly, 79% of Information Security Directors do not believe their company’s management pays sufficient attention to data breaches, and 79% of them are frightened of losing their job due to a loss of insider violation.
Although 70% of companies have an IRM program, 85% of them still face technical and confidential problems when it comes to protecting data from their insiders’ actions. The prevalent technological problems suggest that the current IRM programs are profoundly ineffective. Companies must have a better IRM program to prevent data leakage and associated risks.