Insider threat: The human element of cyberrisk

Tucker Bailey, Brian Kolo, Karthik Rajagopalan and David Ware | McKinsey&Company

Cyber programs often miss the significant portion of risk generated by employees, and current tools are blunt instruments. A new method can yield better results.

Insider threat via a company’s own employees (and contractors and vendors) is one of the largest unsolved issues in cybersecurity. It’s present in 50 percent of breaches reported in a recent study. Companies are certainly aware of the problem, but they rarely dedicate the resources or executive attention required to solve it. Most prevention programs fall short either by focusing exclusively on monitoring behavior or by failing to consider cultural and privacy norms. Read more