5 Steps for Creating a Culture of Insider Threat Awareness

An insider threat is a security incident that originates within the targeted organization such as an employee (current or former), contractor, business partner or, believe it or not, a board member. In fact, according to IBM’s 2019 Cost of a Data Breach Report: 

• 24% of the breaches are caused by negligent employees or contractors
• 49% of the incidents stemmed from human error and system glitches
• Average cost of a data breach = $3.9m
• Average cost per record lost = $150
• The cost of data breaches has increased by 12% since 2014 due to increased regulation and complex, longer-lasting resolution processes

However, there are things companies can do to decrease the likelihood of an attack as well as mitigate the damage after the fact. To start, according to that same IBM report, companies that not only had an incident response team in place but also conducted extensive testing of their response plans saved, on average, over $1.2 million per breach. In addition, companies that had yet to deploy security automation suffered lost, on average, 95% more than companies who already had tech in place to automatically detect and contain data breaches/attacks. However, despite these risks, only 52% of the companies surveyed have implemented automated security tools.

In addition, though most companies have some sort of insider threat program in place, an estimated 30% of U.S. workers have never received cyber security training. Though insider threat training is a critical component of cyber resiliency, establishing a full-end-end culture of cyber security is essential for preventing, managing and containing evolving risks. 

Establishing a culture or cybersecurity goes beyond simply promoting awareness. In order to truly be effective, employees need to understand their role in combating cyber attacks and data breaches. In this article, we layout 5 key action items for cultivating a culture of security against insider threats.