Despite reports that insider threat costs continue rising every year, the majority of companies still don’t have a dedicated insider threat program in place. This is a little misleading, however. It’s not that companies aren’t doing anything about insider threat; the problem is that most are taking a reactive approach—the “we’ll deal with it if it happens” approach. But what they’re not realizing: it’s happening every day. And because most companies are not planning ahead for what to do once an insider threat incident has been detected, insider threat costs are skyrocketing.
Why aren’t companies doing more about insider threat?
There are a variety of reasons that 4 in 5 companies still do not have a dedicated insider threat program:
1. They think they don’t have a problem
We’ll call this the hopeful/optimistic denial group. These companies staunchly believe in the integrity of their employees, or those who say “all our employees love working here, they would never do anything to harm the company.” They don’t want to risk changing their company culture by acknowledging that their employees are capable of taking valuable trade secrets. But here’s the thing: it’s not about bad people—it’s about shifting workforce culture and protecting the organization. The primary output of modern employees is ideas, and people naturally feel entitled to owning the ideas they create. So it’s not surprising that most feel it’s their right to take their ideas with them when they leave—whether or not they’re aware of company policy or potential company damage.
To Continue Reading…
Share a few pieces of information and we’ll personalize your experience with us