Intelligent CIO North America Issue 22 - Page 26

Culture of disconnect means ownership of Insider Risk remains vague
While almost all companies (96%) experience challenges in protecting corporate data from Insider Risks, there is a disconnect between security leaders, practitioners, business leaders and the board that is preventing teams from accurately measuring the Insider Risk problem. This impacts how Insider Risk is quantified and presented to senior team members, including the board.
The study also found :
• Nearly three in five (57%) cybersecurity practitioners report that cybersecurity leaders don’t consult the team when making decisions about their company’s cybersecurity strategy.
• 56% of cybersecurity leaders and practitioners agree that they feel like they don’t have a strong voice in business decisions made by the business leadership team.
• The vast majority (91%) of respondents still believe that their companies’ board requires more understanding of Insider Risk.
Sustained hybrid-remote work environments push organizations to reevaluate security awareness training
Companies are still adapting to new ways of working, and it’s clear many organizations will be managing a hybrid workforce for the foreseeable future. Hybrid-remote work heightens security challenges, and many respondents (55%) are concerned about employees becoming lax in their cybersecurity practices.
That number is even higher for those in the public sector (70%). The data suggests that companies should examine the frequency, relevance and quality of their training protocol.
The study also found :
• Almost all companies (96%) believe they need to improve the data security training they give to employees.
• Nearly one-third of organizations (32%) say they need to completely overhaul employee security training; those in the public sector (63%) are the most likely to hold this opinion.
Pre-IPO companies are making Insider Risk Management a priority
Intellectual Property (IP) is one of the most valuable commodities of a company planning to file an initial public offering (IPO). That, combined with compliance regulations around security controls, means pre-IPO companies must take a closer look at their company’s vulnerability for Insider Risk events. Of all company stages, pre-IPO companies are the most likely to have an IRM program (77%).
The study found:
• 85% of pre-IPO companies cite Insider Risk as a board-level priority and 82% indicate Insider Risk is discussed at every board meeting.
• Regardless of company maturity, reputational damage as a result of Insider Risk events is the number one concern across all organizations.
• Loss of IP/customer data is more likely to be a fear for 51% of companies that have had a merger, acquisition or divestiture in the last 12 months than it is for companies that have one planned in the next 12 months (32%). This may be due to the tendency of employees to depart companies post-merger and a fear of those employees taking company data with them when they do so.
The public sector and financial services industry are leading the way in IRM
The public sector (84%) and financial services industry (76%) have the highest percentage of organizations with an IRM program in place and devote the largest proportion of their cybersecurity budget (26% and 24%) to Insider Risk compared to the survey average of 21%.
The study also found:
• While 98% of surveyed companies in the financial services industry report having fears regarding Insider Risk, all industries are concerned about the impacts of an Insider Risk incident.
• Media, leisure and entertainment companies have the smallest average budget allocated to mitigating Insider Risk (16%).
• 58% of companies within the public sector are planning to add new cybersecurity technologies to better monitor file movements.
Code42 commissioned independent market research agency Vanson Bourne to conduct the Data Exposure Research. The 2022 study surveyed 700 respondents from companies in the US in September and October 2021. All interviews were conducted using a rigorous multilevel screening process to ensure that only suitable candidates were given the opportunity to participate.