Cyber security programs should be on the alert for insider threats

While most enterprisewide cyber security programs focus on threats to high-tech intellectual property posed by outsiders, they also should examine any insider threats that may be lurking within organizations, cyber security experts advise.

Organizations need to be very careful about which employees are given access to sensitive company information, said Ben Beeson, a partner at Lockton Cos. L.L.P. who leads the Kansas City, Mo.-based insurance broker's global technology and property practice from London.

“It's about understanding people and your processes internally — who gets access, who's touching it. Have privileged access for some people, because people are the biggest risk, particularly on the inside,” Mr. Beeson said.

Companies should consider conducting thorough background checks on information technology security personnel before hiring them, said Greg Bangs, vice president and crime and kidnap and ransom product manager at Chubb Specialty Insurance, a unit of Chubb Corp. in Warren, N.J.

“The bad guys are using a two-pronged attack method. An insider or someone gets a job as a programmer or database administrator who gives credentials to an outside hacker. It's a low-tech tactic combined with high-tech tactics,” said Larry Ponemon, founder and chairman of the Ponemon Institute L.L.C. in Traverse City, Mich., whose February study “The Risk of Insider Fraud” found that small and midsize businesses are more vulnerable to cyber threats from inside their organizations because they often lack the internal controls necessary to protect their high-tech intellectual property.

In the event the need arises to prosecute perpetrators of such intrusions, midsize organizations also should establish relationships ahead of time with the appropriate law enforcement agencies, their Internet technology service providers and legal counsel in the jurisdictions where they are doing business, recommends Jody Westby, founder and CEO of Global Cyber Risk L.L.C., a Washington-based firm that provides cyber security and advisory services to businesses and governments worldwide.
