Download the 2023 Cybersecurity Risk Report from RiskLens
Insider Error = Misconfigurations, failures to renew expired certificates, improper publishing and other unintentional errors by staff members that can have damaging consequences to the bottom line.
Our 2023 report enables you to drill down into your industry by risk themes to uncover the most probable frequency and financial impact of loss events. And, if you’re in Public Administration or Healthcare, the news is not good.
Those two industries lead the lists with some chilling stats for Average Annual Probability of a Loss Event:
Why the relatively high likelihood of insider risk? Think of the two main factors at play:
1. Extent of employee access to sensitive records – Healthcare puts very large amounts of sensitive PHI in the hands of staff. Rapidly expanding digitization of medical records adds to inadvertent exposure by insiders (see this: Hospital Websites Are Sending Medical Information to Facebook).
2. Weakness of controls to prevent records exfiltration or other loss events – Public Administration, particularly at the local government level, is chronically under-funded for cybersecurity spending and uncompetitive for cybersecurity staffing.
A note about methods for the RiskLens Annual Cybersecurity Report:
The RiskLens data science team ranks risks by average loss exposure (per risk scenario), summarizing how losses play out probabilistically over 10,000 simulated years, incorporating both the probable cost and probability of occurrence of the events. It’s a measurement in dollars that security and risk teams can use to inform cost-effective spending decisions.
The representative/reference organization used for this simulation study is a mid-sized organization in North America of 500-1,000 employees and $100M-$1B in revenue with personally identifiable information (PII) records at risk.