Information Technology News & Information

risk managementNew Report Finds MOST Organizations Are Vulnerable to Insider Threats

A recent report conducted by cyber security experts SANS Institute has found that an overwhelming majority of polled organizations are highly vulnerable to insider attacks. The study, conducted on behalf of software manufacturer SpectorSoft, polled over 700 IT practitioners, finding that while many have an awareness of insider threats, few have adequate response and detection protocols in place.

The report’s author, Dr. Eric Cole, said of the findings that, “Most organizations will suffer an insider compromise and many will be unable to prevent all attacks. That your organization currently has an insider threat of some sort is a near certainty. Therefore, you have to approach security with the assumption that an insider threat has already compromised you and focus your energy on detection.

Insider attacks can happen due to negligent employees misusing information or failing to follow security protocols, as well as malicious employees intentionally compromising data via their knowledge of the workplace and security procedures. When considered with the statistics presented in the report, insider attacks are clearly one of the most serious threats to IT security in a given organization today:

  1. Almost 75% of respondents are aware of insider threats as a concept.
  2. While a third of respondents report that they’ve suffered from an insider attack, approximately the same number of those polled estimate that the attacks cost the organizations roughly $1 million in damages.
  3. While 50% of respondents don’t know how much they’re spending on insider threat protection, 44% can confirm that they’re spending less than 10% of their IT security budget.
  4. Just less than a third of respondents report that they have no way to prevent or deter an insider attack.

Insider attacks are just as serious a threat as those outside of the organization! To protect your company from both the inside and out, contact us at by phone or email for more information.