Insider risk continues to grow in 2023.

Code42 this morning released their 2023 Annual Data Exposure Report, discussing the complex nature of addressing insider risk, or, the threat of someone within an organization using their access to do harm to the company, either maliciously or otherwise.

Insider data loss continues to grow as a problem.

The researchers found that 82% of CISOs think that insider data loss is a company problem, and 76% anticipate increased data loss from these events in the next year. This report confirms the growth of insider risk threats, showing a 32% average increase in monthly insider-based threat events from 2022’s report. On average, insider-driven threat events can cost upwards of $16 million per incident. Companies are also reportedly reliant on too many technologies for management of insider risk, using combinations of “IRM (97%), User and entity behavior analytics (UEBA) / User Activity Monitoring (UAM) (97%), Enterprise Data Loss Prevention (DLP) (97%), Security awareness training/education (96%) and Cloud Access Security Broker (CASB) (96%).”

Difficulty in detection of insider threats.

Despite the use of a multitude of tools to protect against insider threats, 75% of CISOs note that detection of data loss from within their company is difficult, with 27% saying that it is, in fact, the most difficult threat, above cloud data exposure, and malware/ransomware.

The impact of hybrid work on insider threats.

The report finds an increased need for training in data security with the cultural shift to hybrid work taking hold, however, most companies still struggle to implement effective solutions. 81% of respondents believe that there is an increased need for data security training within their organization, with almost all (96%) respondents reporting a needed improvement in their existing data security training.