Times are tough for today’s companies: layoffs, salary cuts, low morale, tired employees—the list just goes on and on. No matter how well companies think they know their employees, insider threats—intentional or not—is more probable than ever, which can lead to complex risk management. To complicate these matters, there is a disconnect between regulatory compliance and proactive risk management, according to SailPoint Technologies. 
The second Market Pulse Survey, conducted by SailPoint in April 2009, focused on how companies are approaching identity governance during the economic downturn, with a particular focus on “insider threats.” While 86% of the total respondents—representing a number of industries, banking, financial services, insurance and health care being most common—are concerned about insider threats, they cannot adequately manage the risk of data breaches because the majority of them can't summarize which workers have access to the most critical applications and data. Of the health care and insurance companies who responded, 99% are concerned about insider threats.
The magnitude of corporate churn on a global scale, compounded by restricted IT budgets and strained resources, has created a perfect storm for fraud and theft from employees in the affected industries. Many organizations are trying to mitigate this insider threat risk. In fact, 77% of the companies SailPoint surveyed have a risk management function within their IT organization. However, nearly 30% of those companies don’t allocate budget to that function. That means nearly 50% of the affected companies either do not have, or underfund, their IT risk management activities.
The SailPoint survey also revealed that companies struggle with managing user access controls for large populations of employees, partners and customers. Of the respondents, 28% said they lack critical access controls and could be more exposed to security breaches than they think. Another 20% believe it’s simply a matter of time before an internal breach occurs at their company. 
“Since we conducted our first survey last November, close to half of our respondents have undergone major layoffs,” said Jackie Gilbert, SailPoint’s VP of marketing and cofounder. “In light of this heightened risk, ‘what you don’t know’ can have real consequences on businesses, and executives are starting to realize that. Our survey clearly showed that executives are rightfully concerned, and I suspect we’ll see a more disciplined risk management approach for user access control in the coming months.”
This article can also be found at InsuranceNetworking.com.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access