Cost of insider threats
Bad Behavior
74% of respondents are primarily concerned about the threat from negligent or malicious employees, but 45% don’t know how much they plan to spend on insider threat technology in the next 12 months.
Falling Short
47% of respondents do not have specific knowledge of their spending on insider threats.
Budget Shortfalls
44% of respondents spend 10% or less of their IT budgets on insider threats.
Blindsided
52% of respondents do not have a clue about the cost of losses from insider threats. Only 19% believe losses would total more than $5 million, which is in line with industry research.
Confidence Outweighs Prevention
68% of respondents believe they have the ability to prevent or stop an insider incident/attack. However, 75% of insider crimes go unreported and are not prosecuted due to a lack of evidence, according to the “2014 U.S. State of Cybercrime Survey.”
Security Holes
90% of respondents said they rely on administrative solutions such as policies and procedures to deal with the problem, but lack the technologies to monitor compliance and enforcement. Meanwhile, 36% said their prevention measures are not effective.
Big Obstacles
51% said a lack of training was the biggest factor limiting their companies’ ability to deal with insider threats, followed by a lack of budget (43%), lack of staff (40%) and lack of technology solutions (40%).
Attitude Adjustment Required
28% of respondents said preventing or deterring insider threats was not a priority for their organizations.
Bad Planning
31% said they have no formal incident report (IR) plan or are unsure if one exists. Of the 69% who said they have IR plans, about half do not have special provisions for insider attacks.
Slow Response
Only 10% of respondents have detected insider attacks within an hour. Detection times ranged from less than one hour to more than one year.