Survey highlights growing requirements for insider risk management
- Published: Friday, 30 April 2021 08:25
According to a recent commissioned study conducted by Forrester Consulting on behalf of Code42, insider risk management (IRM) is of greater concern now for 74 percent of companies than it was before the pandemic.
The survey gathered insights from over 200 security professionals in the US who are involved with their company’s data loss prevention (DLP) and/or data breach mitigation strategies and planning. The research explores how companies are currently treating insider risk management and the changes being adopted to pursue a more holistic approach to data risk management as part of zero trust strategies.
Key findings from the study include:
- 66 percent of respondents experience data leaks due to insiders at least monthly.
- 82 percent of security professionals identify protecting sensitive company and customer data as a top priority.
- 71 percent of respondents agree that traditional approaches to DLP aren’t working.
- 59 percent of respondents identified the need to pursue more holistic insider data risk management as part of their zero trust strategy.
“As business leaders activate post-pandemic work plans, it’s crucial that security programs co-exist with collaborative work tools rather than handcuff employees who are simply trying to get their jobs done,” said Joe Payne, Code42 president and CEO. “In the waning months of the pandemic, we expect workforce turnover to increase. With that personnel movement will come a heightened risk to company data – source code, marketing plans, and customer lists are all digital and portable. Putting in place an insider risk management strategy now can stem future data risk and keep workforces productive, creative and innovative.”
Although companies are reprioritizing insider risk, there are still significant roadblocks to implementation. Survey respondents identified the complexity of too many disconnected tools (75 percent), managing false positives (71 percent) and complexity of policy creation and deployment (67 percent) as top inhibitors of effective IRM. Much of this can be bridged to improve security awareness across the organization and help employees better understand appropriate data access and file movement. As such, 64 percent of firms say they will increase security awareness amongst employees in the year ahead.