Data loss from insider events increase despite IRM programs, says study>
CSO Online – Shweta Sharma
A vast majority of companies are struggling with data losses from insider events despite having dedicated insider risk management (IRM) programs in place, according to a data exposure study commissioned by Code42.

The study revealed an average 32% year-on-year increase in data losses from insider incidents, costing each organization about $16 million per incident. Insider incidents include data exposure, losses, leaks, and thefts originating internally from an existing employee of an organization.

More than 82% of CISOs admitted being concerned about the insider risk problem in their organizations and the data loss associated with it.

Detecting a data loss from an insider event presented even greater challenges as 75% CISOs said they failed at doing so in their companies.

CISOs ranked insider risks (27%) as the most difficult threat to detect, placing it above cloud data exposures (26%) and malware/ransomware (22%).

Among 72% of participants having a dedicated IRM program in place, a massive 71% still believe they could experience insider incidents in the next 12 months. More importantly, 79% of CISOs said they could lose their job from an unaddressed insider breach.

The technologies used in these programs include some combination of IRM (97%), user and entity behavior analytics / User Activity Monitoring (97%), enterprise data loss prevention (97%), security awareness training/education (96%) and cloud access security broker (96%).

Also, the companies conducting monthly security training dropped from 32% to 27% year-over-year, with data indicating that most organizations are pushing for weekly data security training.
Link: https://www.csoonline.com/article/3691815/data-loss-from-insider-events-increase-despite-irm-programs-report.html