Companies are forking over larger portions of their IT security budgets to better combat homegrown threats.
According to a recent report from DTEX Systems, insider risk management on average made up 16.5% of a company’s overall IT security budget in 2024, up from 8.2% in 2023. The majority of companies surveyed (81%) said they either currently have or plan to have an insider risk program.
The report, which was independently conducted by the Ponemon Institute, surveyed 8,306 IT and security professionals from 349 organizations in North America, Europe, the Middle East, Africa, and the Asia–Pacific region. It defines insider risk as harm inflicted by an insider, whether malicious, such as IP theft and fraud, or non-malicious, such as falling victim to advanced phishing attacks.
Of those with an insider risk program, more than six in 10 (65%) said the program was the only security strategy that allowed them to preempt a data breach. The average time to contain an insider incident fell to 81 days in 2024, down from 86 days in 2023.
Top of mind. DTEX CEO Marshall Heilman told IT Brew that the report’s findings signal that companies are starting to take insider risk “more seriously than they have in the past.” That could be because high-profile insider incidents haven’t been in short supply. Last year, Verizon disclosed that it experienced a breach that impacted more than 63,000 of its employees after an employee gained unauthorized access to a file containing sensitive data. In 2023, Tesla experienced a data breach that impacted upward of 75,000 people after two former employees leaked sensitive data to a German newspaper.
Angela Osborne, VP of risk and emergency management solutions at Guidepost Solutions, told IT Brew that insider risk has been a “strong area of conversation” at her company. Osborne noted the heightened focus comes for a variety of reasons, including increased concern about risks from incoming employees and the rise of fake IT worker schemes, as well as uncertainty over how changes to the federal government will affect the availability of resources from organizations like the Cybersecurity and Infrastructure Security Agency.
“I think a lot of people today are looking at some of the changes happening within the federal government, as well, and looking at some of the changing norms regarding how the federal government is approaching information security, and looking at their own organizations and thinking, ‘We really need to become more self-sufficient,’” she said.
All-in-one or one for all? Heilman told IT Brew that there is a compelling argument for why companies should seek dedicated insider risk management program solutions as opposed to relying on a concoction of different tech to combat insider risk.
“If you’re leveraging one of the major platform players that does 15 different things, in general, they’re not doing those 15 things very well,” Heilman said. “What you’re getting is the power of the platform.”
However, Osborne told IT Brew that there are pros and cons associated with both options and said what’s more important is that there is a strong foundation within organizations to evaluate the risk of insider threats.
“It’s got to be built on collaboration between HR, legal, physical security, [and] information security operations,” she said.