Making the Case: Insider Threat Program Development & Implementation; Part I: Overview

February 22, 2017

For years, organizations have focused on building impregnable network perimeters to keep outsiders out. The rise of virtual technology, outsourcing, and globalization[1] has seriously undermined this perimeter and exposed our vulnerability to Insider Threats.

An Insider Threat is a current or former employee, contractor, or other business partner who 1) has or had authorized access to an organization’s network, system, or data and 2) intentionally or unintentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization’s information or information systems.[2]

How prevalent are Insider Threats? Very. The 2011 Cybersecurity Watch Survey found that 21% of electronic crime was committed by insiders, with 43% of respondents having experienced at least one malicious insider incident in the previous year.[3]

These attacks don’t come cheap, and the costs are rising.[4] The cost for each lost or stolen record containing sensitive or confidential information increased six percent from $145 to $154. The average total dollar cost of a data breach in 2015 was $3.8 million[5], an increase of 23 percent from 2013. The damage to an organization’s reputation can be priceless.

Despite high-profile incidents in recent years, insider threat programs remain a low priority for most organizations—as of 2014, only 26 had one in place.[6] The most common barriers to better insider threat management are organizational—inadequate training and expertise, insufficient budgets, and a lack of commitment to insider threat defense are cited in more than half of organizations.[7] Technology, on the other hand, is a barrier in less than a third.[8]

In short, Insider Threats are growing more frequent and costlier every year, but not enough is being done. Like any successful proposal, making the case for insider threat program development will require a keen understanding of budgetary constraints, return-on-investment, and senior management buy-in. In the end, it is a difficult but necessary fight.

Part II of this series will outline strategies for successfully designing these initiatives; Part III will tackle returns on investment; and Part IV will discuss securing leadership support.


[1] E.g., cloud migration, contractors, remote employees, etc.

[2] CERT. (2009). Common Sense Guide to Prevention and Detection of Insider Threat, Third Edition. Retrieved from

[3] Software Engineering Institute. (2011). 2011 CyberSecurity Watch Survey. Pittsburgh: Carnegie Mellon University. Retrieved from

[4] Of the 607 survey respondents who knew about the relative financial impact of insider and outsider attacks, 46% considered insider threat attacks more costly than outside attacks, usually in terms of financial loss, damage to reputation, critical system disruption, and loss of confidential or proprietary information. Id.

[5] Ponemon Institute. (2015). Ponemon Cyber Crime Report: IT, Computer & Internet Security,

[6] Id.

[7] Id.

[8] Id.

