Security News > 2023 > April > Re-evaluating immature and ineffective insider risk management programs

Re-evaluating immature and ineffective insider risk management programs
2023-04-05 03:00

Although more than 72% of companies indicate they have an Insider Risk Management program in place, the same companies experienced a year-over-year increase in data loss incidents of 32%, and 71% expect data loss from insider events to increase in the next 12 months.

With insider incidents costing organizations $16M per incident on average, and CISOs stating that insider risks are the most challenging type of threat to detect, the report is a clear call to action for the security industry to 'do better' and help professionals solve this challenge.

CISOs ranked insider risk as the most difficult type of threat to detect at their company, placing it above cloud data exposures and malware/ransomware.

While it's promising to see that more than 70% of companies have an IRM program in place, 85% of companies note they still face technology and visibility challenges when it comes to protecting against exploitation by insiders, suggesting that the programs in place are immature and ineffective.

Current IRM budgets are likely insufficient as 69% indicate that their budget for Insider Risk Management will increase over the next year.

Companies are leveraging multiple technologies to protect and manage insider risk - with the majority using a combination of IRM, DLP, CASB and UEBA to protect data from exfiltration by insiders.

News URL