Insider cybersecurity threats continue to rise

Since 2016, the average number of cybersecurity incidents involving employee or contractor negligence has increased by 26 percent, according to data from the Ponemon Institute, a data protection research organization.

The same North American study also found that insider actions caused 64 percent of all cybersecurity incidents within the past 12 months, and that the average cost to contain a single such incident is now $11.01 million.

Those results contrasted with the outcome of another recent survey of 1,000 full-time employees at companies with a workforce of 500 or more people. That study by ObserveIT, which helps companies manage cybersecurity threats posed by their workforce, found that nearly two-thirds of the employees surveyed (65 percent) claim to understand the nature of an insider threat, and nearly as many (64 percent) agree that careless employees or contractors are the most common source of these threats.

That employees are confident they understand the nature of insider threats and corporate cybersecurity policies, while insider threat-related incidents continue to rise, may lull businesses into a false sense of security, notes ObserveIT CEO Mike McKee.

“When it comes to cybersecurity awareness and insider threat prevention, organizations need to take a holistic approach to cybersecurity and focus on people first, then processes and technology,” says McKee. “Organizations should increase security awareness training for new hires and ensure that both employees and contractors adhere to the company’s cybersecurity policy.”

The Gen Z risk
The ObserveIT survey also found that among different generations of workers, Generation X and Baby Boomer employees present the lowest insider risk, with 90 percent of 45 to 54-year-olds and 55 to 64-year-olds self-reporting that they follow their company’s cybersecurity policy.

Generation Z, on the other hand, poses the greatest cybersecurity risk, as more than a third (34 percent) of 18 to 24-year-old employees acknowledge that they either don’t know or don’t understand what is included within their company’s cybersecurity policy. This group was also the most likely of any generation to admit that they don’t follow their company’s cybersecurity policy—even if they do understand it.