TIMES ARE TOUGH FOR TODAY’S insurers—layoffs, salary cuts, low morale, tired employees—the list just goes on and on. No matter how well companies think
they know their employees, insider threats, intentional
or not, are more probable than ever. This leads to complex risk management.
The second Market Pulse Survey, conducted by
SailPoint Technologies, focused on how companies are
approaching identity governance during the economic downturn, with a particular focus on “insider
threats.” While 86% of the total respondents (
representing a number of industries, including banking,
insurance and health care) are concerned about insider threats, they cannot adequately manage the risk of
data breaches because the majority of them can’t summarize which workers have access to the most critical
applications and data. Of the health care and insurance
companies that responded, 99% are concerned about
insider threats.
“In today’s digital economy, stealing no longer
requires putting your hand in the till,” says Jackie
Gilbert, SailPoint’s VP of marketing and co-founder.
“Employees can now steal electronic data they can
access in the workplace, and there are dozens of
outlets for selling this data on the Internet black
market for profit. Insurance companies have key
pieces of personal customer information—
including birth dates and social security numbers—that
identity data thieves seek. Insurance providers are
rightfully concerned.”
As the survey shows, the risk factors are at an all-time high; companies are struggling to adequately
secure sensitive data, making it easier for workers to
commit undetected crimes, Gilbert says.
“Meanwhile, the pressures of the recession—major
layoffs, low employee morale, financial hardship—
are increasing motivation or temptation to commit
crimes.” INN
If your company’s CIO asked you to present a
complete record of user access privileges for
each employee that same day, could you?
How concerned
are you about
insider threats?
Do you have a risk management function
within your IT organization? And if so,
does it have a budget allocated to it?
43%
57%
Not
concerned:
“We have the right
controls in place.”
Very
concerned:
“It’s just a matter
of time.”
Risk Management Function?
NO
14%
17%
NO
23%
If faced with a massive layoff at your organi-
zation, could you immediately remove all
access privileges for terminated employees?
26%
Budget Allocated?
58%
NO
NO
Concerned:
“We have some
controls in place.”
Somewhat
concerned:
“We lack critical
controls.”
30%
