Among businesses today, the awareness of the threat of cyberattacks and cybercrime from insiders is gaining prominence.
While cyber insurance policies have traditionally been centred on the risk posed by external players, insider threats originate from trusted individuals who – through malice, negligence or even carelessness – cause harm to their organisation’s IT systems, finances, and intellectual property, says security analytics firm Haystax Technology.
In 2017, 90% of organisations reported feeling vulnerable to insider attacks, up from 64% in 2015 and 74% in 2016, the newest research from Haystax reveals. By 2018, it projects that up to 99% of organisations will report being concerned about the threat from insiders.
According to almost 1,500 cybersecurity professionals surveyed, the top three risk factors for insider threats are: having too many users with excessive access privileges, an increasing number of devices with access to sensitive data, and the increasing complexity of information technology.
The results of the research suggest that insurers have more to do when it comes to assisting their clients in mitigating the risks posed by insiders in the cyber world.
“The insurance industry is all about accurately anticipating risk, yet it seems to believe that insider threat activity can be much harder to predict in a consistent way than, say, human mortality or even the weather,” Haystax’s CEO Bryan Ware told Insurance Business.
According to Ware, evidence suggests that those trusted individuals who go on to break the rules often exhibit “very clear risk indicators, sometimes even weeks or months in advance of an actual insider event.”
The solution for cyber insurers, he says, is to ensure that clients have a “robust” insider threat mitigation program in place.
“One that analyses not just network data, but also other information sources that can shed light on potentially malicious, negligent or accidental human behaviours before they become a crisis,” Ware said.
Earlier this year, a report from Aon Risk Solutions warned that companies’ increasing reliance on technology is leaving them exposed to a wide range of cyber-related risks – including insider risk, which Aon said, “plagues organisations,” adding that many underestimate their severe vulnerability and liability.