Majority of IT pros don’t see senior management taking enough responsibility for insider threat

IS Decisions report finds that IT professionals want more involvement from senior management on internal security.

  • 9 years ago Posted in

More than half of IT professionals (57%) believe their organisation’s senior management does not take enough responsibility for internal security, according to new research from IS Decisions.


Currently, the IT department (80%) takes responsibility for insider threat in nearly twice as many organisations as the C suite (43%) does.


And while security budgets have grown by about a third over the last year, the average amount apportioned specifically to internal security accounts for just 3.6% — despite the increasing potential risks.


However a majority of 68% of IT professionals expect budgets on internal security to grow significantly within their organisation and 67% stated they plan to look at specific tools, technology and data to help tackle insider threat, highlighting further the need for senior involvement.


The findings are part of research revealed in IS Decisions’s new report User security in 2015: the future of addressing insider threat, based on a survey of 250 IT professionals in the UK and 250 in the US.


The senior executives’ worrying lack of support and awareness on insider threat comes after a year of high-profile breaches at major companies like eBay, Target and JP Morgan where lax internal security played a part.


As a result, 37% of organisations across the UK and US are planning an insider threat programme this year, driven mostly by the IT department.


IT pros are also craving guidance on mitigating insider threat from outside of the company, with 91% believing that industry-wide collaboration is needed and 78% wanting clearer guidelines on tackling the issue.


François Amigorena, CEO of IS Decisions, commented, “Senior executives need to wake up to the reality that is insider threat. For good reason, 2014 has been dubbed by many as the ‘year of the breach’, and no company is safe — no matter how large or small.


“We have seen the most senior people in organisations like Target pay the price of poor security practices by losing their jobs, showing just where the responsibility should lie now and what kind of penalties can ensue.


“While IT professionals are clearly very much taking heed of what they’re seeing, C-level personnel must also be on board if 2015 is to be the ‘year of tackling insider threat’”.

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...