Latest CRAE cybersecurity activity study highlights emerging risks from new and disgruntled employees

Published on
April 14, 2021

Quarterly tracker shows organizations advancing plans to strengthen security policies, increase training, and invest in technology

New York, NY, April 14, 2021 – Large organizations in North America and Europe saw new and disgruntled employees as a clear cybersecurity threat in the fourth quarter of 2020, with most (54%) developing or modifying programs to address users, roles, privileges, applications and/or data, according to the latest Cybersecurity Resource Allocation and Efficacy (CRAE) Index.

Fourth quarter data also shows the financial services and high-tech/business services sectors experienced a surge in threats, with roughly 60% of each segment reporting an increase. Additionally, high profile hacks from nation states like the one against SolarWinds and ransomware attacks from cybercriminals drove tech investment in Q4, particularly within the often-targeted health care sector.

The CRAE Index, developed and published by the CyberRisk Alliance Business Intelligence unit and underwritten by Ivanti, reports on the overall focus and direction of organizations’ cybersecurity activities, spending, and perceived progress over time. Data is derived from quarterly surveys among 300 business, IT, and cybersecurity professionals at organizations with at least 500 employees in manufacturing, high tech/business services, financial services, and healthcare industries in North America and Europe.

According to the latest report, organizations paid special attention to employees onboarded in 2020, being vigilant about new hires and their online activities. Disaffected staff members were also on respondents’ radar as the pandemic and social and economic conditions contributed to workforce tensions. “Disgruntled employees have been our largest issue,” according to one U.S. respondent in financial services. Recognition of the threat posed by the internal workforce drove investment between Q3 and Q4 as well as more resources towards employee cybersecurity training.

For more detail about where organizations are spending the most money and the threats that most concern them, click here to view or download the full report.

About CyberRisk Alliance
CyberRisk Alliance (CRA) is a business intelligence company serving the high growth, rapidly evolving cybersecurity community with a diversified portfolio of services that inform, educate, build community and inspire an efficient marketplace. Our trusted information leverages a unique network of journalists, analysts and influencers, policymakers and practitioners. CRA’s brands include SC Media, Security Weekly, InfoSec World, Cybersecurity Collaboration Forum, our research unit CRA Business Intelligence, and the peer-to-peer CISO membership network, Cybersecurity Collaborative. More information is available at

We're Here to Help

From news, analysis, and insight, to events, communities, custom content and marketing solutions, the CyberRisk Alliance portfolio provides support to the entire cybersecurity ecosystem. We'd love to help support your goals.