While more than 98% of businesses conduct pre-hire background checks on potential new employees, less than one-quarter of businesses proactively screen current employees - exposing CXOs and Boards to significant safety, security and compliance risks. However, business and security executives are three times more interested in closing the employee security gap than HR and IT, according to the Endera Insider Risk Survey.
1 in 1,000 employees are arrested every month, but only 1 in 4 CXOs surveyed believe they would know if an employee had a recent criminal incident - as most businesses cease background screenings at the point of hire. At the same time, insider threat management cybersecurity tools focus only on data and device level behavior, data loss prevention or identity and access management – creating a blind spot for executives increasingly accountable for risks posed by employee behavior.
Additional key findings include:
The survey reveals that less than 30% of senior executives say they would know if an employee was arrested, put on a criminal watch list, or lost a key certification or license. But CXOs overwhelmingly want to close this insider risk blind spot:
- 91% want to know if an employee has been added to a criminal watchlist
- 82% want to know if an employee is booked or arrested
- 53% want to know if an employee loses a key certification
- 48% want to know if an employee is in financial distress
- 33% want to know if an employee is involved in a lawsuit
Background checks have historically been seen as an HR function, and IT does a lot to detect insider threats. However, the Endera survey reveals general business and security executives are the most interested closing the post-hire security gap. 79 percent of security executives and 81% of operations executives would screen or consider screening their entire workforce every day if they could.
For service companies, where employees interact directly with customers or have access to customers’ valuable assets, the insider threat risk is even greater. The Endera survey finds service companies are more than twice as likely to want employee risk alerts as their counterparts in other industries.
Within the service industry, the risk to executives in fast growing “on-demand” workforces with significant interaction between customers and employees/contractors, such as those in transportation and home health care, have become particularly complex and acute.
The survey of 278 business executives in varying roles and industries was conducted in December 2016. Survey data is also available segmented by small businesses, mid-sized firms and large enterprises.