Insider Risk


Insider risks to organisations are increasing substantially. According to industry studies, the average cost of an insider incident is three times that of an average cybersecurity incident. The likelihood of insider incidents is driven by societal, geopolitical and economic factors, while their impact on organisations is amplified by regulatory and technical pressures. PwC’s industry-leading and award-winning forensic and cyber capabilities are regularly used by our clients to investigate insider incidents, and through this lens we see first-hand the increasing frequency and complexity of these incidents. Latterly, several organisations have recognised the increase in insider risk and are developing holistic detection and prevention solutions.

In this paper we highlight some of the factors driving the increasing insider risk, give examples of the broad range of risks and introduce the PwC insider risk reduction framework.

What are insiders?

The National Institute of Standards and Technology (NIST) defines insider risk as the potential risk that an insider, who has authorised access to an organisation’s systems, data or networks, might misuse this access, either intentionally or unintentionally, to cause harm. This harm could affect the security of organisational operations, assets, individuals, other organisations, or even national security. 

The term ‘insider’ is often synonymous with a malicious employee intent on stealing intellectual property (data theft) for financial gain. In our experience, the range of driving factors is much broader than greed, and the nature of harmful activities more varied than data theft. Many insiders are themselves victims of other issues and come to regret their choices, and in particular the impact their actions have on their colleagues.

What are relevant insider trends for Switzerland?

Switzerland’s highly educated workforce and its information-driven industries, such as pharmaceuticals, finance and technology, combined with its reputation for stability, privacy and geopolitical neutrality, might suggest a lower level of insider risk compared to some other countries. However, Switzerland faces its own unique set of insider threats.

Switzerland has a long history in financial services and is renowned for its banking secrecy and custodianship of sensitive financial data. This makes the country a particularly attractive target for insiders who may seek to exploit or exfiltrate such high-value information for personal gain or for external entities. Drawing from our expertise, the financial data maintained by Swiss institutions is of significant interest to both malicious insiders and foreign intelligence agencies, increasing the potential risk of insider threats.

Additionally, Switzerland consistently ranks at the top of the Global Innovation Index (ranked first in the 2023 report), underscoring its status as a global leader in innovation across sectors like technology, pharmaceuticals and scientific research. Based on our experience, the strong focus on innovation makes Swiss companies a target for insiders tempted to steal intellectual property, trade secrets or sensitive research data. The high value of this intellectual property, driven by its potential for competitive advantage or financial reward, creates a strong incentive for insiders to commit data theft.

While Switzerland holds a unique position as a hub of financial secrecy and innovation, we also see various cases in other industries, which taken together make Switzerland a high-value target for insider threats. Organisations in Switzerland must balance their traditions of trust and discretion with robust insider risk management strategies to mitigate these risks effectively.

How can insider risks materialise?

Theft of data and intellectual property for financial gain is an obvious insider risk (employees stealing valuable data, documents or source code), but other scenarios also occur frequently. Sabotage of key data and systems, embarrassing media leaks, communications defacement, subversion of financial processes or enabling threat actor access to systems are examples, and can involve employees, contractors or third parties exploiting their access. 

Even harder to detect can be the deletion or corruption of valuable data to erode competitive advantage (e.g. client relationship data) before becoming a competitor, deliberately entering damaging financial agreements on behalf of the company to cause long-term financial issues (e.g. impactful contracts, bad trades) or poisoning client, partner or staff relationships. 

“The wide variety of contexts in which insider incidents occur never ceases to intrigue me.”

Fabienne Wikler, PwC Risk Expert, Switzerland

Why do insider risks occur?

Extensive post-incident research and our own first-hand experience supporting clients in the aftermath of insider incidents have shown a broad spectrum of underlying causes. Insiders most often cause an incident inadvertently or due to negligence; others are compelled to act under duress or due to financial or ideological pressures. Several societal, geopolitical, economic, technical and regulatory factors are driving the increase in insider risks:


Drawing from our expertise, we recognise that insider risks are an increasingly significant issue for organisations today. To help mitigate these risks, we recommend starting with the following three essential steps:

  • Assess Your Data Protection Strategies: Evaluate how effectively your data classification policies safeguard sensitive information. Ensure that all data is appropriately categorised and protected according to its level of sensitivity.
  • Implement Robust Forensic Capabilities: Verify that you have the right measures in place to conduct thorough forensic investigations when incidents occur. This includes having proper logging, monitoring and data restoration capabilities.
  • Develop Predictive Threat Detection: Utilise advanced tools such as User and Entity Behavior Analytics (UEBA) and comprehensive logging to identify and predict abnormal behaviour patterns that may indicate insider threats.

Why does customised insider risk management make a difference?

In today’s dynamic business environment, understanding and protecting your organisation from insider risks is as critical as safeguarding it from external attacks. Customised insider risk management is crucial because it addresses the unique vulnerabilities and operational realities of your organisation. Unlike generic solutions, tailored risk prevention strategies are designed to fit the specific needs, culture and structure of your company, whether the aim is to reduce insider risk in general or to address specific events likely to affect insider risk.

At PwC, we understand that no two organisations are alike. Our expert team works closely with you to identify potential insider risks and develop a comprehensive mitigation plan that aligns with your business objectives. By leveraging industry best practices and advanced analytics, we create a proactive defence framework that not only mitigates risks but also promotes a secure and trustworthy work environment and evolves as you do.

Investing in customised insider risk prevention means investing in the longevity and integrity of your business. Let us help you build a resilient organisation, prepared to tackle insider threats head-on with solutions that are as unique as your company.

How we address it:

PwC’s holistic insider framework

PwC works across the organisation to build buy-in.

PwC benchmarks the elements of insider risks to your specific situation and maturity.

“Proactively preventing and stopping an employee on the path to perpetrating an insider incident not only saves the company considerable costs but can also save the employee from making a mistake they will live to regret.”

Dr Darius Meier, PwC Insider Risk Lead, Switzerland

What sets us apart from other insider risk solution providers?

  • Comprehensive Solutions: We offer an integrated approach that combines our deep experience in consulting, risk management and forensic investigations. This allows us to address insider risks from multiple angles, ensuring a robust defence. 

  • Global Presence, Local Expertise: With a global network, we have the capability to deliver solutions that are both globally informed and locally relevant. 

  • Industry-Specific Insights: Our extensive knowledge across various industries means we can create customised strategies that align with the specific insider risk challenges and regulatory landscapes of your sector. Our Forensics and Incident Response teams are world-class. We learn from others’ incidents and continuously update our Insider Risk framework. 

  • Cutting-Edge Technology: We utilise advanced technology, including AI and machine learning, to detect and monitor potential insider threats. Our tools are designed to provide you with actionable insights, enhancing your ability to respond swiftly and effectively. 

  • Building a Culture of Security: We believe in empowering your workforce through comprehensive training and awareness programmes. By educating your employees, we help foster a culture where security is a shared responsibility. 

  • Compliance and Governance: Our expertise in legal and regulatory compliance helps you navigate the complexities of data privacy and industry-specific regulations, ensuring that your insider risk practices meet the highest standards. 

  • Flexible and Scalable Solutions: We understand that each organisation is unique. Our solutions are designed to be flexible and scalable, adapting to your needs as your business evolves.

“During major political periods, or times of major corporate news or upheaval, we use Threat Intelligence services to identify insider risk scenarios, and dynamically enhance our protection and detection capabilities.”

Industry CISO, Financial Services, Switzerland

Contact us

Darius Meier

Insider Risk Lead, PwC Switzerland

+41 58 792 46 05


Fabienne Wikler

Senior Manager, Financial Services Risk Consulting, PwC Switzerland

+41 78 666 97 79
