Code42 Software, Inc. released its Annual Data Exposure Report (DER)
for 2023. The study, conducted by independent enterprise technology
market research expert Vanson Bourne, found that Insider Risk is
emerging as one of the most challenging threats to detect, mitigate and
manage. Although more than 72% of companies indicate they have an IRM
program in place, the same companies experienced a year-over-year
increase in data loss incidents of 32%, and 71% expect data loss from
insider events to increase in the next 12 months. With insider incidents
costing organizations $16M per incident on average, and CISOs stating
that Insider Risks are the most challenging type of threat to detect,
the report is a clear call to action for the security industry to 'do
better' and help professionals solve this challenge.
"Data loss from insiders is not a new problem but it has become more
complex. Our past DER research has focused on the key drivers of Insider
Risk like workforce turnover and cloud adoption. This year, our goal
was to understand the specific challenges security teams face when
building and maintaining Insider Risk programs," said Joe Payne, Code42
president and CEO. "The research reveals that both detection of and
response to insider events have become more challenging. Organizations
need to re-evaluate their approach to Insider Risk to ensure the
technology and programs in place are effective, and that they drive
cultures where employees make safer and smarter decisions about data. At
Code42, we are focused on partnering with our customers to help them
achieve this level of maturity."
Insider Risk is a cultural issue, not just a cybersecurity one
Compared with data from the previous report, the impact of Insider Risk
is being felt across the organization and is no longer limited to the
cybersecurity team. 86% of respondents say an insider event would impact
company culture, compared with 72% the year prior. Similarly, expected
impacts on employee acquisition/retention increased from 72% to 79%.
This indicates that Insider Risk is deeply intertwined with a company's
culture and has a significant impact on the business.
The study also found:
- Respondents say there would be a major or moderate impact on revenue
(88%) and reputation (88%) following an Insider Risk event.
- When asked about the types of Insider Risk they're most concerned
about, respondents rank accidental as number one, followed by malicious
and negligent.
- Respondents concerned with accidental events increased year-over-year
while those concerned with negligent events decreased.
Insider Risk is a top concern for CISOs
CISOs are hyper-aware of the growing challenges associated with managing
Insider Risk, with over four in five (82%) CISOs indicating that data
loss from insiders is a problem for their company. With 76% of CISOs
anticipating that data loss from insider events will increase at their
company in the next 12 months, many are re-evaluating the approaches,
technologies and processes they currently have in place.
The study found:
- 79% of CISOs feel they could lose their job over an unaddressed insider
breach because of the impact it would have on corporate culture,
reputation and financial standing.
- CISOs ranked Insider Risk (27%) as the most difficult type of threat to
detect at their company, placing it above cloud data exposures (26%) and
malware/ransomware (22%).
- Around four out of five (79%) CISOs do not feel the leadership team
(board, C-suite) places enough attention on data loss from insiders.
Effectively managing Insider Risk requires the right technology and budget
While it's promising to see that more than 70% of companies have an IRM
program in place, 85% of companies note they still face technology and
visibility challenges when it comes to protecting against exploitation
by insiders, suggesting that the programs in place are immature and
ineffective.
The study also found:
- Only 19% of companies' global cybersecurity budget is dedicated to
detecting, investigating, responding to and mitigating Insider Risk,
despite it being the hardest threat to detect.
- Current IRM budgets are likely insufficient, as 69% indicate that their
budget for Insider Risk Management will increase over the next year.
- Companies are leveraging multiple technologies to protect against and
manage Insider Risk, with the majority (90%) using a combination of IRM,
DLP, CASB and UEBA to protect data from exfiltration by insiders.
As the need for data security training increases, the quality of training matters just as much as its frequency
The frequency of cybersecurity training has increased over time with 30%
of companies now conducting training weekly compared with 22% in our last report.
However, the data indicates that frequency alone is not effective in
building resilience to Insider Risk. The quality of training is equally
important and organizations must find a way to balance the two.
The study found:
- The majority (93%) of CISOs agree that the new hybrid-remote workforce
has increased the need for data security training in their company.
- Organizations conducting training weekly are more likely to say a
complete overhaul is needed than those conducting it monthly (22% vs.
10% respectively).
- The share of companies conducting monthly security training dropped
from 32% to 27% year over year, with the data indicating that more
organizations are providing weekly training.
Download the Annual Data Exposure Report 2023.