Pandemic accelerating need for insider risk management

As companies exit the pandemic, security leaders will be challenged with new data security complexities. Remote work over the past year magnified challenges that companies face around protecting data exposure and file exfiltration from insider risk, and that will only continue if proactive precautions aren’t taken.

According to a recent study conducted by Forrester Consulting, insider risk management (IRM) is of greater concern now for 74% of companies than it was before the pandemic.

The survey gathered insights from over 200 security professionals in the U.S. who are involved with their company’s data loss prevention (DLP) and/or data breach mitigation strategies and planning. The research explores how companies are currently treating insider risk management and the changes being adopted to pursue a more holistic approach to data risk management as part of zero trust strategies.

Key findings

• 66% of respondents experience data leaks due to insiders at least monthly.
• 82% of security professionals identify protecting sensitive company and customer data as a top priority.
• 71% of respondents agree that traditional approaches to DLP aren’t working.
• 59% of respondents identified the need to pursue more holistic insider data risk management as part of their zero trust strategy.

“As business leaders activate post-pandemic work plans, it’s crucial that security programs co-exist with collaborative work tools rather than handcuff employees who are simply trying to get their jobs done,” said Joe Payne, Code42 president and CEO.

“In the waning months of the pandemic, we expect workforce turnover to increase. With that personnel movement will come a heightened risk to company data – source code, marketing plans, and customer lists are all digital and portable. Putting in place an insider risk management strategy now can stem future data risk and keep workforces productive, creative and innovative.”

Top inhibitors of effective insider risk management

Although companies are reprioritizing insider risk, there are still significant roadblocks to implementation. Survey respondents identified the complexity of too many disconnected tools (75%), managing false positives (71%) and complexity of policy creation and deployment (67%) as top inhibitors of effective IRM.

Much of this can be bridged to improve security awareness across the organization and help employees better understand appropriate data access and file movement. As such, 64% of firms say they will increase security awareness amongst employees in the year ahead.

As companies continue to adapt their security postures for modern working environments, insider risk management will increasingly become a focal point of successful data security strategies.