Market Overview

Research from ObserveIT Reveals Major Insider Threat Disconnect in the Workplace


Majority of respondents say they understand the definition of an
insider threat, but data shows the insider threat risk is growing rapidly

the leading insider threat management provider with more than 1,700
customers around the world, today released the Multigenerational
Workforce and Insider Threat Risk study
that reveals the
disconnect between cybersecurity awareness and insider threat risk, and
the differences in generational cybersecurity awareness within the
workplace. ObserveIT surveyed more than 1,000 full-time employees ages
18-65+ at organizations with more than 500 employees on their
understanding and awareness of cybersecurity programs. The results show
the majority (65 percent) of respondents reported they understand the
definition of an insider threat.

The data indicates 64 percent of respondents agree careless employees or
contractors are the most common cause of insider threats. This directly
correlates with recent
from the Ponemon Institute showing negligent insider actions
caused 64 percent of all insider threat incidents in the past 12 months.

The Ponemon data also shows the risk posed by insider threats is growing
year-over-year. Since 2016, the average number of incidents involving
employee or contractor negligence has increased by 26 percent and the
cost to contain an incident in North America has risen to $11.01 million.

The fact that employees self-report understanding insider threats and
adhering to cybersecurity policies, while insider threat-related
incidents continue to rise, indicates organizations may have a false
sense of security based on their expectations of employees'
understanding of insider threats. Lack of consistent understanding
around the risks posed by insider threat activity can introduce
accidental or negligent insider threat behavior within the workplace.
And, the increased risk of insider threats is costing organizations
significant money and resources as these threats can be difficult to
detect, identify and prevent without the right processes and technology
in place.

"While the threat of the insider continues to grow, this research proves
that when it comes to cybersecurity awareness and insider threat
prevention, organizations need to take a holistic approach to
cybersecurity and focus on people first, then processes and technology,"
said ObserveIT CEO Mike McKee. "With a new generation entering the
workforce, organizations should increase security awareness training for
new hires and implement processes and technology to ensure both
employees and contractors with access to systems and data understand and
adhere to the company cybersecurity policy to prevent insider threats."

Key findings from the survey include:

  • The Risk of the Accidental Insider: Almost two-thirds (61
    percent) of respondents say they know what an insider threat is.
    However, this points to the dangers posed by naïve employees who may
    not understand the hidden dangers of insider threats, or who may only
    define insider threats as purely malicious in intent rather than
    malicious and negligent behavior.
  • The Generational Divide: Generation X and Baby Boomers are the
    least risky generations within the workplace, as 90 percent of
    45-54-year-olds and 55-64-year-olds report they follow their company's
    cybersecurity policy.
  • Entrants to the Workforce Present Challenges: Generation Z
    poses the highest overall cybersecurity risk to organizations, as more
    than one third (34 percent) of 18-24-year-olds report that they don't
    know nor understand what is included within their company's
    cybersecurity policy. This group was also the most likely of any
    generation to report that they do not follow their company's
    cybersecurity policy, even if they do understand it.

To review the results of ObserveIT's Multigenerational Workforce and
Insider Threat Risk study, visit

For more information on ObserveIT and to review the 2018 Ponemon
Institute Cost of Insider Threats: Global Organizations study, visit

About ObserveIT
ObserveIT is the leading Insider Threat
Management solution with more than 1,700 customers across 87 countries.
ObserveIT is the only solution that empowers security teams to detect
insider threats, streamline the investigation process, and prevent data
exfiltration. With 300+ out-of-the-box insider threat indicators of
compromise, rich metadata and outstanding search capability and playback
of any policy violation, ObserveIT provides comprehensive visibility
into what people – contractors, privileged users and high-risk users –
are doing, and reduces investigation time from days to minutes. For more
information visit:

View Comments and Join the Discussion!