People are the biggest threat to company security

There is a stronger focus on insider threats and on understanding cybersecurity issues more at the board level. Those are the results of a new research done by global security intelligence and information management technology company Nuix.

The survey is entitled Defending Data: Turning Cybersecurity Inside Out With Corporate Leadership Perspectives on Reshaping Our Information Protection Practices, and was conducted by Ari Kaplan Advisors.

“We had in-depth conversations with chief information security officers and directors from Fortune 500 and Fortune 1000 companies about the dynamic nature of security and how their role is adapting,” said Ari Kaplan, the report’s author and principal researcher. “Security leaders now have a much more influential seat at the table, partly because of the public nature of breaches and the lack of information security.”

The report found that there’s a greater focus on insider threats since the first report was conducted in 2014. Nearly three-quarters of respondents reported that they have an insider threat program or policy, and 14 per cent said that they allocate 40 per cent or more of their budget to insider threats.

People were reported to be “almost universally” the biggest weakness in information security, ahead of technology and processes. Of the respondents that reported to have an insider threat or policy, 70 per cent offer employee training to minimize risk. “The company employs intelligence teams that study different aspects of communications, user activity, social media, suspicious activity and other details,” said one respondent.

“We’re seeing a lot more hands-on training, employee monitoring, and testing to address the issue,” said Kaplan.