EVEN LOYAL EMPLOYEES CAN WREAK HAVOC
Business leaders often hear about Insider Threat and push it aside, feeling strongly that all of their employees are honest and well-intentioned. So, of course, these leaders focus their data security program on outsider threats. The truth is, though, that even trustworthy and loyal employees pose potentially costly and time-consuming risks to the organization’s data security, and those risks can cost literally millions of dollars.
IMPACT OF EMPLOYEE NEGLIGENCE AND ERRORS
According to a study independently conducted by the Ponemon Institute, 56% of Insider Threat occurrences are caused by employee or contractor negligence, costing an average of $484,931 per incident. These incidents can result from individuals neglecting to keep their devices secured, whether physically or through updates, or from people simply failing to follow a company’s security policy.
Even one incident is too costly, and incidents can stack up if a company doesn’t invest in a strategy to prevent, monitor and react to these threats. Large US companies spend an average of $22.68 million on insider threat mitigation annually. Smaller companies (500 or fewer employees) spend an average of $8.13 million annually.
TIPS FROM TMPC
- First, a company needs to have thorough and clear policies and procedures in place to prevent incidents and to respond to them if they do occur. Reacting in the moment to a crisis often makes things worse, so having a plan in place is imperative.
- Include checks and balances in your policies to confirm that all employees are following policies and that updates have occurred when necessary.
- Keep your team informed. Share the real costs of insider threats (money, time and reputation) with all employees, and share articles like this one with them regularly.
SET AN INSIDER THREAT STRATEGY
For more information, visit our site where you can find out more about proper Insider Threat Risk Management and get in touch with our experts:
- Internal Threat Management for Business Clients.
- Internal Threat Management for Government Clients.