So that's about reasonable — spending lags behind concern pretty much everywhere.
The vendor's press release second highlighted statistic is another misleading one, that "64 percent believe malicious insider threats to be as damaging or more damaging than malicious external threats."
At first read, that makes it sound like respondents were more worried about insiders than outsiders.
In fact, only 26 percent percent thought that insiders were potentially more damaging — 37 percent thought that outsiders were, and 38 percent thought the two threats were about equal.
Notice the slight of hand?
Those who thought the two risks were about equal were lumped in with those who were more worried about insiders. If they were lumped in with the other camp, the quote would have been "75 percent of respondents believe malicious external threats to be as damaging or more damaging."
How does the vendor explain this? By arguing out that the statements was technically correct — and that even if only a quarter think that insiders are a bigger threat, it's still an important number.
"More respondents see malicious external threats as more damaging than malicious internal threats," admitted LaPoint.
"But the majority see the two as equally damaging, and still more than a quarter see insiders as more damaging," he said. "Those that see insiders as more than or equally as damaging as outsiders are, in our opinion, quite high, and we'd think the concern and investment to prevent them would be correspondingly higher."
Sign up for Computerworld eNewsletters.