The human dimension of security

Cyber and physical security are not enough

Understand and manage insider risk

Many of the least well understood risks facing organisations are those arising from insiders – people who betray trust by behaving in potentially harmful ways.

Most corporate risks and cyber security breaches have an insider element. Yet personnel security is rarely given the attention devoted to physical or cyber security – until it is too late.

Insiders have been found in every type and size of organisation, from small tech start-ups to multinational corporations and government departments.

Protect your organisation

The actions of insiders – intentional or unwitting – cause many types of harm:

Loss of data, IP or money

Destruction of physical or cyber assets

Disruption of business and services

Workplace violence and abuse

Compromise of sensitive information

Legal and regulatory action

Erosion of competitive advantage

Loss of stakeholder trust and confidence

Reputational damage

Insiders, wittingly or unwittingly, can also help criminals, foreign states, terrorists and other external threat actors to inflict catastrophic damage.

Tackling insider risk

Insider risk changes over time and evolves to circumvent protective measures. No single process or piece of technology by itself can provide adequate protection. We take a systematic, multi-layered approach in which complementary elements, including leadership, management, culture, and a solid understanding of the risk, are brought together to form an integrated system of personnel security defences. Building a high-trust environment in this way has benefits beyond security.

Our services

We help organisations to understand insider risk and its consequences, identify gaps in their security, and design and build the right defences.

    • Understanding your threat environment and related insider risks

    • Identifying your current strengths and weaknesses

    • Recommending improvements based on your resources and current maturity

    • Enabling a shared understanding by your board of your organisation’s insider risk and their responsibilities

    • Awareness of insider issues (HR, IT, legal, learning & development, compliance, and ethics)

    • Practitioner guidance and problem solving

    • A retained service of independent on-call advice

    • Independent assessment against best practice

    • Facilitating a strategic approach to managing insider risk as part of a broader approach to organisational resilience and security

    • Identifying measures of success, key risk indicators and dashboards

    • Supporting stakeholder group maturity

    • Tabletop exercises

    • Practitioner training

    • Communicating risk