Majority of businesses are at risk from insider threats

Chancellor George Osborne announced that the UK would be almost doubling its spending on cyber security between now and 2020 last week. The statement was seen as a response to the Paris attacks and the fact that terrorist groups and other hostile forces now represent a cyber threat as well as a physical one.


Most cyber defences are geared towards outside attacks but a new study suggests that most businesses are now being put at risk by insider threats. In cyber security terms, this means any current or former employee, contractor or other party misusing their authorised access to the organisation’s network, systems and data.


The study, carried out by Skyhigh Networks and based on analysis of the actual cloud behaviour of more than 20 million employees, found that more than half (55.6%) of organisations experienced “unusual behaviour” by privileged users every month. This would typically involve the user accessing data they shouldn’t.


The study also found that almost a third (28.1%) of employees had uploaded files containing sensitive data to the cloud. Organisations experienced an average 5.1 incidents every month involving unauthorised third parties using stolen account credentials to gain access to data stored in a cloud service.


There have been some extremely high profile cases of cyber breaches in the news recently but businesses of all shapes and sizes can be targets. A recent study by HP Enterprise Security found that cyber-crime cost UK businesses an average of £4.1 million a year.


Larger businesses tended to face larger overall costs but smaller businesses faced significantly higher per capita costs (£1,014 versus £232). These costs be potentially devastating to some businesses, putting them at risk of insolvency or other financial issues.


Kamal Shah, senior vice president of products and marketing at Skyhigh, has said that smaller firms should not be complacent when it comes to cyber-crime, as almost all businesses store some kind of sensitive information such as customer data. Small businesses were also less likely to have dedicated IT security teams in place which can exacerbate the risks involved.


By Phil Smith


If you would like to have a free no obligation chat with one of our advisers please call us on 0207 186 1144.




View all Business Insights