By Bruce Sussman
Fri | Aug 10, 2018 | 4:33 AM PDT

When Larry Ponemon tells you that something in his research on cybersecurity surprises him, your ears perk up.

Is there anyone who has more insight on the issues information security leaders are facing in 2018?

We interviewed Ponemon before his keynote at a regional SecureWorld conference and discussed his benchmark study on the "Insider Threat" your company faces.

That's where his findings were inconsistent with what he expected. 

Dr. Ponemon's research revealed that many companies actually make a decision to discount red flags involving current employees and insider threats.

"We found that companies err on the side of goodness. They don't want to accuse somebody without full evidence of a crime, so they write it off as negligence," he told SecureWorld. 

"And we discovered insider threats are not viewed as seriously as external threats, like a cyber attack. But when companies had an insider threat, in general, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever."

That finding reminds us of our story about the Columbia Sportswear IT director charged with setting up an alias account so he could secretly hack the company's network. And the almost unbelievable case of the insider threat ignored at the FDIC.

And we're still not sure what Tesla's insider threat program looked like or whether the company had one. But according to Elon Musk's email to employees, the damage sounds significant.
