We use cookies to improve this site and enable full functionality. You can change your cookie settings at any time using your browser. Our cookie policy.

90% of organisations are worried about the risk of insider attacks

90% of organisations are worried about the risk of insider attacks | Insurance Business

90% of organisations are worried about the risk of insider attacks

Among businesses today, the awareness of the threat of cyberattacks and cybercrime from insiders is gaining prominence.

While cyber insurance policies have traditionally been centred on the risk posed by external players, insider threats originate from trusted individuals who – through malice, negligence or even carelessness – cause harm to their organisation’s IT systems, finances, and intellectual property, says security analytics firm Haystax Technology.

Search and compare product listings for insurance against Crime from specialty market providers here

In 2017, 90% of organisations reported feeling vulnerable to insider attacks, up from 64% in 2015 and 74% in 2016, the newest research from Haystax reveals. By 2018, it projects that up to 99% of organisations will report being concerned about the threat from insiders.

According to almost 1,500 cybersecurity professionals surveyed, the top three risk factors for insider threats are: having too many users with excessive access privileges, an increasing number of devices with access to sensitive data, and the increasing complexity of information technology.

The results of the research suggest that insurers have more to do when it comes to assisting their clients in mitigating the risks posed by insiders in the cyber world.

“The insurance industry is all about accurately anticipating risk, yet it seems to believe that insider threat activity can be much harder to predict in a consistent way than, say, human mortality or even the weather,” Haystax’s CEO Bryan Ware told Insurance Business.

According to Ware, evidence suggests that those trusted individuals who go on to break the rules often exhibit “very clear risk indicators, sometimes even weeks or months in advance of an actual insider event.”

The solution for cyber insurers, he says, is to ensure that clients have a “robust” insider threat mitigation program in place.

“One that analyses not just network data, but also other information sources that can shed light on potentially malicious, negligent or accidental human behaviours before they become a crisis,” Ware said.

Earlier this year, a report from Aon Risk Solutions warned that companies’ increasing reliance on technology is leaving them exposed to a wide range of cyber-related risks – including insider risk, which Aon said, “plagues organisations,” adding that many underestimate their severe vulnerability and liability.

Related stories: