Senior Research Associate,
National Security and Public Safety
The Conference Board of Canada is updating its 2013 publication Preventing, Mitigating, and Managing Insider Threats, a briefing detailing best practices shared with the Conference Board, as well as results of a 2012 survey of executives from over 100 organizations on insider threats. The survey was repeated in 2017, and while we are still gathering responses, we have been able to glean some initial insights. Our previous blog post, “Updating Our Knowledge of Insider Threats,” presented findings around organizational definitions and policies on insider threats, which can be considered measures of preparedness. In this blog post, we examine organizational confidence around identifying and managing insider threats.
There were some shifts around the confidence that employees would report possible insider threats in 2017 when compared with 2012. There were no “Don’t know” responses in the 2017 survey and 97.1 per cent responded that at least some employees would report a possible insider threat, up slightly from 89.6 per cent in 2012. However, the percentage of participants who believed that most employees would report dropped from 66.1 per cent to 60.0 per cent in the 2017 responses.
Survey Question: Do You Feel That Employees in Your Organization Would Report an Insider Threat?
Source: The Conference Board of Canada.
While 97.1 per cent is a high level of confidence in employee reporting, the drop in certainty that most employees would report suspected insider threats bears closer examination. Do organizations lack clear reporting mechanisms? Are employees receiving ongoing training about how to recognize insider threats? A larger survey sample size would help us get a better grasp on these changes, which is one of the reasons why we have reopened our survey.
Survey participants in both 2012 and 2017 were asked if they thought their organization could manage an insider threat incident. In 2012, 90.5 per cent of respondents were confident that their organizations could manage at least some insider threat incidents, with 27.0 per cent being sure their organization could manage most insider threat incidents. In 2017, there was a slight drop in confidence that organizations could manage at least some insider threat incidents (85.7 per cent from 90.5 per cent), but a greater proportion of respondents (34.3 per cent from 27.0 per cent) believe that their organizations could manage most insider threat incidents. Furthermore, the percentage of respondents indicating that their organizations could not successfully manage an insider threat doubled to 8.6 per cent. There was also an increase in the percentage of respondents answering “Don’t know.”
Survey Question: Do You Feel Your Organization Could Successfully Manage an Insider Threat Incident?
Source: The Conference Board of Canada.
While there seems to be an increase in terms of respondents who believe their organizations could deal with most insider threats, overall confidence in dealing with these threats is down in 2017 when compared with the 2012 results. Could the complexities of our modern environment, combined with rapid change, be creating a more difficult environment for dealing with insider threats? Are improved awareness and recognition of insider threats highlighting new challenges that organizations are not prepared to deal with?
The preliminary results from the 2017 survey seem to suggest that while the likelihood of reporting an insider threat is high, the overall organizational confidence in managing an insider threat incident has decreased slightly. A larger survey sample size would help us come to some more definitive conclusions about this shift, and whether it truly represents a significant change.
We would like to increase the number of responses to our survey, to allow a deeper analysis of this issue in Canada and to update our recommendations. We are grateful to everyone who participated in the first round of the renewed survey in 2017. The Insider Threat Survey is open until February 16, 2018. If you have not done so already, we invite you to add your voice to this important research. The findings from the enlarged survey will be released as a series of blogs once the analysis is complete.