Governance, Risk and Compliance, Risk Assessments/Management, Data Security, AI/ML

Insider incidents hit 77% of organizations, survey finds

Insider data loss incidents affect more than three-quarters of organizations and cost companies at least $1 million more than a third of the time, a recent survey by Fortinet and Cybersecurity Insiders found.

The survey of 883 IT and security professionals revealed that most insider incidents (62%) were unintentional on the part of employees, resulting from user negligence or compromised accounts. While 77% of respondents said their organizations experienced insider data loss in the last 18 months, only 16% of those incidents were confirmed to involve malicious intent by the insiders.

The increasing use of software-as-a-service (SaaS) apps, generative AI (GenAI) and other shadow IT poses a major challenge to insider risk management, with 52% of respondents citing difficulty monitoring SaaS and hybrid work environments as the biggest barrier to improving their insider risk program.

Intentional or not, these insider events can have major consequences, with 41% of cases costing companies between $1 million and $10 million, and 9% costing more than $10 million.

The most common type of data affected in these incidents is customer records, which were impacted in 53% of reported incidents, followed by personally identifiable information at 47% of incidents. These two types of information in particular can bring organizations under regulatory scrutiny when leaked, while the loss of intellectual property (29%) and other business-sensitive content (40%) can put companies at a competitive disadvantage.

IT and security professionals lack confidence in both their visibility into the movement of sensitive data within their organization and in the tools they currently use to help prevent data loss, the survey revealed.

A majority (72%) of respondents said they lacked visibility into how users interact with sensitive data across endpoints and cloud applications, only 47% agreed that their current data loss prevention (DLP) solution was effective in helping prevent sensitive data from leaving their organization.

Respondents felt least prepared to prevent the sharing of data with GenAI tools, with only 12% saying they were fully prepared, and only 15% felt fully prepared to detect and respond to data movement across SaaS and shadow IT.

Looking forward, survey participants said they would prioritize real-time behavioral analytics (66% of respondents), “day-one” data visibility across environments (61%) and SaaS/shadow AI application control (52%) in a next-generation DLP solution. Respondents also reported that their budgets for insider risk and data protection were increasing, with 27% seeing significant increases, 45% seeing moderate increases and only 4% saying their budget was decreasing.

The Fortinet and Cybersecurity Insiders report concluded with five recommendations for managing insider risk, emphasizing the need for solutions that enable immediate day-one visibility across environments upon deployment, use behavioral analytics to help identify and respond to risk earlier and cover top egress channels such as email, cloud and AI tools.

The report also stresses the importance of insider risk management programs that effectively align workflows across security, IT, human resources and legal teams and tools that go beyond static rules to adjust enforcement based on context, reducing false positives and alert fatigue.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

You can skip this ad in 5 seconds