
Insider Threat Costs: Key Cybersecurity Research Findings

Insider threats cost organizations $11.5 million on average worldwide in 2020, a 31 percent rise in the past two years, while the frequency of incidents spiked 47 percent to 4,716 during the same time period, a new report calculated.

Despite the rising costs and number of incidents, insider threats are often bypassed within organizations in favor of combating external threats, the 2020 Cost of Insider Threats: Global Report, sponsored by IBM and ObserveIT, said. For the purposes of the research, insider threats are linked to a careless or negligent employee or contractor, a criminal or malicious insider, or a credential thief. To gather data, researcher Ponemon interviewed 204 organizations and 964 IT and security personnel in August and September 2019.

“Whether they are caused accidentally or maliciously, insider threat incidents cannot be mitigated with technology alone,” the report reads. “Organizations need an insider threat management program that combines people, processes, and technology to identify and prevent incidents within the organization.”

Some top-level results from the study:

  • Containment, at an average of $211,533 per company annually, is the highest overall cost center for organizations.
  • Investigation, which costs 86 percent more now than three years ago, is the fastest-growing cost center.
  • Incidents that took more than 90 days to contain cost organizations an average of $13.71 million on an annualized basis.

Here are 10 data points organizations need to know about the price of insider threats:

  • Each incident involving a negligent employee or contractor can cost an organization an average of $307,111. Total costs can run to $4.6 million a year.
  • If an incident involves an impostor or thief, the average cost roughly triples to $871,686.
  • Since 2018, the average number of incidents involving employee or contractor negligence has increased from 13.2 to 14.5 per organization.
  • The theft of privileged users’ credentials, at 14 percent of incidents, costs each organization an average of $2.8 million annually.
  • The average number of credential theft incidents has climbed in the last two years from one per organization to 2.7 per organization.
  • Criminal and malicious insiders, at 23 percent of overall incidents, cost organizations an average of $755,760 per incident and roughly $4.1 million annually.
  • 60 percent of organizations had more than 30 incidents per year.
  • Investigation is the fastest-growing activity cost center at $103,798.
  • Large organizations with 25,001 to 75,000 employees spent an average of $18 million over the past year to resolve insider-related incidents. Smaller organizations with a headcount under 500 spent an average of $7.68 million.
  • The fastest-growing industries for insider threat were retail (38 percent two-year increase) and financial services (20 percent two-year increase).

According to the report, an organization is at risk if its employees are:

  • Not trained to fully understand and apply the laws, mandates, or regulatory requirements that relate to their work and affect the organization’s security.
  • Unaware of the steps they should take to ensure that the devices they use, both company-issued devices and personal ones used at work, are secured at all times.
  • Sending highly confidential data to an unsecured location in the cloud.
  • Breaking the organization’s security policies to simplify tasks.
  • Exposing the organization to risk by not keeping devices and services patched and upgraded to the latest versions at all times.

Here are 10 of the study’s key recommendations:

  • Ensure the right groups and stakeholders are involved in the organization’s secure operations center.
  • Limit user access to non-essential data or attempt to limit the duration of time privileged users can access the information needed to complete a task.
  • Look for leading behavioral indicators to uncover a potentially malicious insider threat.
  • Evaluate the organization’s risk and develop a dedicated insider threat function.
  • Establish consistent, repeatable processes that are fair to all employees.
  • Invest in training for users in areas such as secure data handling, awareness and vigilance.
  • Consider the impact an insider threat solution will have on performance, management, deployment, stability, and flexibility.
  • Choose a solution that can scale as the organization grows.
  • Keep in mind a vendor’s expertise on insider threat vs. external detection and prevention.
  • Determine if the solution gives visibility into what users are doing, particularly privileged users.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.