Insiders: A Growing Risk You Can’t Ignore
Carnegie Mellon University, the world leader in the study of insider threat, warns that “the threat of insider attacks is both real and substantial”. The Securonix 2024 Insider Threat Report survey shows that insider attacks have increased from 66% of organisations surveyed to 76% over the past five years. This escalating trend makes managing insider risk not just a necessity but a strategic priority.
Cyber security defences in organisations are getting better, and we're learning not to click those suspicious links. At the same time, factors such as cost-of-living issues, socio-political tensions, malice and greed are creating a significant rise in insider risk. Organised criminal groups and hostile state actors excel at exploiting those factors. The result is that someone who is not self-motivated to become an insider may well be spotted by bad actors and exploited to act against an organisation's interests.
In most organisations we've engaged with, we have discovered disjointed approaches to insider risk management, an over-reliance on institutional trust and cyber security defence measures, and an absence of insider risk management assurance activities. There have been training shortfalls, internal tensions over who owns insider risk management controls, an absence of testing, information silos and failures to share information with the right people at the right time. These factors all enhance the risk and are easily exploited by adversaries. Organisations must not ignore them. We have surfaced these issues, resolved internal tensions and led pragmatic material change to make organisations stronger.