RSA Exclusive: Try new products, meet our executive team, and see VIP guests you won't find anywhere else.


Forcepoint and Ponemon Institute Survey Finds Organizations Challenged When Monitoring Privileged Users, Preventing Insider Threats

Susan Helmick
August 23, 2016, 12:00 am CDT

Survey Reveals Majority of IT Operations and Security Managers Believe Access Often Extends Beyond the Needs of Privileged Users

AUSTIN, Texas  August 23, 2016 – Global cybersecurity leader Forcepoint, in partnership with the Ponemon Institute, a leading IT security research organization, today released the results of its “Insecurity of Privileged Users” study, comparing data sets from 2011 and 2014 with present day. Although insider leaks and attacks continue to multiply, this study found that 58 percent of IT operations and security managers believe their organizations are unnecessarily granting access to individuals beyond their roles or responsibilities with 91 percent predicting the risk of insider threats will continue to grow or stay the same.

With more than 40 percent of respondents agreeing that malicious insiders would use social engineering to obtain privileged user access rights – up 20 percent from 2011 data – it’s no surprise then that the majority of those surveyed expect insider threats to remain an issue. More than 600 commercial and 142 federal IT operations and security managers participated in the study.

Approximately 70 percent of both groups surveyed think it is “very likely” or “likely” that privileged users believe they are empowered to access all the information they can view. Nearly 70 percent also believe that privileged users access sensitive or confidential data simply out of curiosity. With these large percentages in mind, only 43 percent of commercial and 51 percent of federal organizations today said they have the capability to effectively monitor their privileged user activities. A majority said that only 10 percent or less of their budget is dedicated to addressing this significant challenge. 

While budget and the human element are factors in addressing the insider threat challenge, technology deficiencies are also playing a role. The survey found that a significant number of respondents use existing cybersecurity tools to combat insider threats, rather than more targeted technologies (e.g. 48 percent of commercial and 52 percent of federal organizations use a SIEM to determine if an action is an insider threat). As a result, more than 60 percentindicated that these tools yield too many false positives. What’s more, a majority of both audiences surveyed (63 percent commercial and 75 percent of federal organizations) lack the necessary contextual information required to prevent insider threats from happening.

 To access the full report, go to:

Supporting infographics can be found here:

“The best approach to mitigating privileged user abuse is a comprehensive and layered approach that implements best practices, incorporates process and technology and most importantly, addresses the people behind the permissions,” said Forcepoint Technical Director of Insider Threat Solutions, Michael Crouse. “Damage caused by privileged users is the most extensive, the hardest to mitigate and the most difficult to detect, as it is done by authorized users doing things they are authorized to do. This report underscores the enormous gap between organizations’ awareness of the problem and their ability to solve it.”

About ForcepointForcepoint’s portfolio of products safeguards users, data and networks against the most determined adversaries, from accidental or malicious insider threats to outside attacks, across the entire threat lifecycle. Forcepoint protects data everywhere – in the cloud, on the road, in the office – simplifying compliance and enabling better decision-making and more efficient security. Forcepoint empowers organizations to concentrate on what’s most important to them while automating routine security tasks. More than 20,000 organizations around the world rely on Forcepoint. Based in Austin, Texas, with worldwide sales, service, security laboratories and product development, Forcepoint is a joint venture of Raytheon Company and Vista Equity Partners. For more about Forcepoint, visit and follow us on Twitter at @ForcepointSec.

Join Forcepoint on Social Media