Insider Risk
Learn about common Insider Risk challenges and how IncydrTM helps solve them

More collaboration, more Insider Risk
The way we work has changed. Fast-paced, people-first cultures are the norm. Employees demand flexible ways to do their work. Tools like Slack, Zoom, Box and Google Drive make employees more collaborative, productive and virtual. Unfortunately, they also make corporate data more invisible and portable. As digital collaboration has increased, so too has Insider Risk.
What is Insider Risk vs insider threat?
Insider Risk occurs when data exposure jeopardizes the well-being of a company and its employees, customers or partners. Mitigating data exposure is the primary way for security teams to address Insider Risk.
Insider threat, on the other hand, is more focused on the person putting data at risk. One of the most respected definitions of insider threat comes from Carnegie Mellon's CERT Insider Threat Center: "Insider Threat--the potential for an individual who has or had authorized access to an organization's assets to use their access, either maliciously or unintentionally, to act in a way that could negatively affect the organization."
Distinguishing between Insider Risk and insider threat might feel like splitting hairs, but it's an important distinction. It's not enough to detect and respond to insider threats as they happen. Security teams first need a strategic understanding of what data is at risk, how effectively data is protected from exposure, and how vulnerable the organization is to future Insider Risk.
Trends increasing Insider Risk
89%
of CISOs believe a fast-paced collaborative culture puts the company at greater risk.
(Code42 Data Exposure Report 2019)
66%
of data breaches involve an insider.
(Code42 Data Exposure Report 2019)
88%
of enterprises are unable to consistently detect insider threats.
(Bitglass 2019 Insider Threat Report)
73%
of data breaches take months or years to discover.
(Verizon 2019 Insider Threat Report)
85%
of organizations find it difficult to assess a threat's severity.
(HelpNet Security 2019)
>66%
of security professionals identify significant weaknesses with solutions such as DLP, UEBA and UAM.
(ESG)