Eighty-five percent of federal IT managers say their agency is more focused on combating insider threats today than one year ago, and most are formalizing their efforts through formal insider threat programs, according to MeriTalk’s 2017 Federal Insider Threat Report, underwritten by Symantec.

However, the rate of insider-perpetrated cyber incidents has not changed much since the report was last released in 2015. In 2017, 42 percent of agencies say they have been targeted by such incidents compared to 45 percent in 2015. Twenty-three percent of respondents say their agency had lost data to an insider-perpetrated cyber incident in the past 12 months.

The report notes that agencies that have lost data to insider incidents are less likely to have basic security measures – incident response systems, continuous monitoring, data loss prevention – in place, and less than half of agencies have increased encryption adoption, enabled real-time activity monitoring or enforced separation of duties policies following increasing use of cloud-based systems. Fifty-nine percent of federal IT managers surveyed say that the increasing number of cloud-based systems has made insider threats more difficult to detect.

While 86 percent of agencies report they have a formal insider threat prevention program, not all programs are created equal; some are missing key components, such as formal threat detection protocols, formal threat response protocols, and systems for reporting and maintaining records on potential or actual insider threat incidents.