While employees understand the concept of insider threats, the business security risk posed by accidental or negligent behavior continues to mount, according to a new report from ObserveIT.
Of the 1,000-plus full-time employees from organizations with more than 500 workers, 64% agreed that careless employees or contractors were the most common cause of insider threats. This directly corresponds with a recent Ponemon Institute report, which found negligent insider actions caused 64% of all insider threat incidents in the past year.
The risk posed by insider threats grows greater each year, the Ponemon Institute report found: Since 2016, the average number of incidents involving employee or contractor negligence increased by 25%, and the cost to contain an incident in North America rose to $11.01 million.
SEE: Intrusion detection policy (Tech Pro Research)
However, insider threats vary depending on which generation the employee belongs to, ObserveIT found.
Generation X and Baby Boomers were the least risky generations within the workplace, as 90% of 45-54 year olds and 55-64 year olds said that they follow their company's cybersecurity policy, according to the report.
Meanwhile, Generation Z posed the highest cybersecurity risk to organizations, as 34% of the 18-24 year olds said that they don't know or understand what is included in their company's cybersecurity policy. This group was also the most likely generation to reportedly not follow their company's security policies, even when they do understand it.
While employees overall claim to understand insider threats and adhere to cybersecurity policies, the fact that these incidents continue to rise indicates that organizations may be lulled into a false sense of security, the report noted. A lack of consistent understanding around the risks posed by insider threats can introduce accidental or negligent behavior into the workplace, costing organizations more money and resources.
"While the threat of the insider continues to grow, this research proves that when it comes to cybersecurity awareness and insider threat prevention, organizations need to take a holistic approach to cybersecurity and focus on people first, then processes and technology," ObserveIT CEO Mike McKee said in a press release. "With a new generation entering the workforce, organizations should increase security awareness training for new hires and implement processes and technology to ensure both employees and contractors with access to systems and data understand and adhere to the company cybersecurity policy to prevent insider threats."
The big takeaways for tech leaders:
- 64% of employees agree that careless employees or contractors are the most common cause of insider security threats. — ObserveIT, 2018
- Generation X and Baby Boomers were the least risky generations within the workplace, as 90% of these employees said that they follow their company's cybersecurity policy. — ObserveIT, 2018
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.