The focus on insider threats will increase and corporations will begin to penalize employees who misinterpret security policies and procedures, according to a new survey of corporate information security practitioners conducted by Ari Kaplan Advisors.
Insider threat programs and policies will become enforceable by courts
Based on the findings, Nuix predicts that corporations without an insider threat program or policy in place, approximately 33% of respondents, may be legally forced to implement one.
“If you have not made insider threat protection a priority, the court will force you to do so,” said Keith Lowry, Nuix’s Senior VP of Business Threat Intelligence and Analysis. Lowry explained that victims of data breaches are increasingly trying to prove negligence or failure to meet an acceptable standard of care on the part of a data custodian. “The Federal Trade Commission also has the authority to enforce cybersecurity regulations, which further complicates the environment,” he said.
Corporations will penalize employees who misinterpret security policies
A resounding 93% of survey respondents said people were the biggest weakness in information security, ahead of technology and processes.
“There’s a recognition now that everyone is responsible for cybersecurity, not just those working in IT,” said one respondent.
For this reason, Nuix predicts that corporations will begin to penalize employees who “misunderstand, misinterpret, or miscalculate longstanding security policies and procedures.”
Cybersecurity will continue to be an enterprise-wide concern
The report found that in 2015, most organizations ranked information security as one of the highest corporate priorities along with profitability, governance, and staffing. Reflective of this, 96% said that they shared and collaborated with other information security executives, an increase of four percentage points over the 2014 numbers.
“Security leaders now have a much more influential seat at the table,” said Ari Kaplan, the report’s author and principal researcher. “They’re connecting with almost everyone within an organization.”
The profile of the security teams and their leaders is likely to rise. “The influence of the Chief Information Security Officer will grow throughout the C-suite, similar to how the general counsel’s weight has risen over the years,” said Kaplan.