Less Than 25 Percent of Businesses Assess Employee Risk Post-Hire

May 3, 2017

While more than 98% of businesses conduct pre-hire background checks on potential new employees, less than one-quarter of businesses proactively screen current employees - exposing CXOs and Boards to significant safety, security and compliance risks. However, business and security executives are three times more interested in closing the employee security gap than HR and IT, according to the Endera Insider Risk Survey.

1 in 1,000 employees are arrested every month, but only 1 in 4 CXOs surveyed believe they would know if an employee had a recent criminal incident - as most businesses cease background screenings at the point of hire. At the same time, insider threat management cybersecurity tools focus only on data and device level behavior, data loss prevention or identity and access management – creating a blind spot for executives increasingly accountable for risks posed by employee behavior.

Additional key findings include:

The survey reveals that less than 30% of senior executives say they would know if an employee was arrested, put on a criminal watch list, or lost a key certification or license. But CXOs overwhelmingly want to close this insider risk blind spot:

91% want to know if an employee has been added to a criminal watchlist
82% want to know if an employee is booked or arrested
53% want to know if an employee loses a key certification
48% want to know if an employee is in financial distress
33% want to know if an employee is involved in a lawsuit

Background checks have historically been seen as an HR function, and IT does a lot to detect insider threats. However, the Endera survey reveals general business and security executives are the most interested closing the post-hire security gap. 79 percent of security executives and 81% of operations executives would screen or consider screening their entire workforce every day if they could.

For service companies, where employees interact directly with customers or have access to customers’ valuable assets, the insider threat risk is even greater. The Endera survey finds service companies are more than twice as likely to want employee risk alerts as their counterparts in other industries.

Within the service industry, the risk to executives in fast growing “on-demand” workforces with significant interaction between customers and employees/contractors, such as those in transportation and home health care, have become particularly complex and acute.

The survey of 278 business executives in varying roles and industries was conducted in December 2016. Survey data is also available segmented by small businesses, mid-sized firms and large enterprises.

http://lp.endera.com/rs/769-LZZ-364/images/Endera%20Survey%20eBook%20031617.pdf

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Less Than 25 Percent of Businesses Assess Employee Risk Post-Hire

Related Articles

Report Abusive Comment