October 8, 2022

Insider Threat Global Report identifies organizations spent $15.4 million annually, up 34% from 2020

The Cost of Insider Threats Global Report, published by Proofpoint, Inc. in 2022, identifies the expenses and trends associated with negligent, compromised, and malicious insiders. Notably, impacted firms spent an average of $15.4 million per year on overall insider threat remediation, and each incident took an average of 85 days to contain.

Ponemon Institute conducts the report independently every two years, and it is presently in its fourth edition. Over 1,000 IT and IT security professionals from North America, Europe, the Middle East, Africa, and Asia-Pacific were polled. Each of the organisations studied had one or more material events caused by an insider. The frequency and expenditures associated with insider threats have increased considerably over the previous two years, according to the report, across all three insider threat categories, including: careless or negligent employees/contractors, criminal or malicious insiders, and cybercriminal credential theft.

“Months of sustained remote and hybrid working leading up to “The Great Resignation” has resulted in an increased risk around insider threat incidents, as people leave organizations and take data with them,” said Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint.

He added, “In addition, organizational insiders, including employees, contractors, and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data, and infrastructure. With people now the new perimeter, we recommend layered defenses, including a dedicated insider threat management solution and strong security awareness training, to provide the best protection against these types of risks.”

“This year’s report reveals that organizations in the Middle East and Africa have experienced the highest number of insider-related threats over the past 12 months, and are the most likely to experience credential theft”, said Emile Abou Saleh, Regional Director, Middle East & Africa at Proofpoint. 

He added, “It is therefore imperative that organizations in the region remain alert and foster a strong security culture among its employees through effective and ongoing security awareness training underpinned by a people-centric cybersecurity approach”.

Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute, commented: “Insider threats continue to climb, both in frequency and remediation cost. That said, we are seeing the risk of malicious insider threats increase – with more users accessing business data from outside the confines of the office. This can blur the security team’s ability to identify and differentiate between well-meaning employees, and malicious insiders trying to siphon sensitive business data.”

Key findings of the 2022 Cost of Insider Threats Global Report include:

  • Companies affected by insider threats spent an average of $15.4 million per year, up 34% from $11.45 million in 2020. Over a 12-month period, the total average cost of activities to address insider threats in the Middle East and Africa was $14.29 million, which is 22% higher than the cost in 2020.
  • In just two years, the overall number of events has climbed by 44 percent. The number of events per organisation has also increased, with 67 percent of enterprises reporting 21 to more than 40 incidents per year, up from 60% in 2020.
  • The majority of events are caused by a careless insider. A negligent employee or contractor was responsible for 56 percent of reported insider threat instances, which cost an average of $484,931 per incident. This could be due to a number of circumstances, including a failure to secure their equipment, a failure to follow the company’s security policy, or a failure to patch and upgrade.
  • Malicious or criminal insiders were responsible for one out of every four events (26 percent), with an average cost of $648,062 per incident. Employees or authorised personnel who utilise their data access for damaging, immoral, or unlawful purposes are known as malicious insiders. Malicious insiders are tougher to spot than external attackers or hackers since employees are increasingly provided access to more information to boost productivity in today’s work-from-anywhere workforce.
  • Since the last study, the number of occurrences of credential theft has nearly doubled. Credential theft is the most expensive to fix, costing an average of $804,997 per incident. The credential thief’s goal is to steal users’ credentials, which provide them access to sensitive data and information. Cybercriminals stole credentials in an average of 1,247 occurrences (or 18%), according to the report.
  • In comparison to the previous study, the time it takes to contain an insider incident has increased. An insider event takes an average of nearly three months (85 days) to contain, up from 77 days in the prior survey. On a yearly basis, incidents that lasted more than 90 days cost organisations $17.19 million, while incidents that lasted fewer than 30 days cost $11.23 million.
  • The highest average activity costs are in financial and professional services. Financial services have an average activity cost of $21.25 million, whereas professional services have an average activity cost of $18.65 million. Accounting, consulting, and professional service firms are among the companies represented by service organisations.
  • The cost of incidents varies with the size of the organisation. Over the last year, large firms with more than 75,000 employees spent an average of $22.68 million to settle insider-related issues. Smaller businesses with fewer than 500 employees paid an average of $8.13 million to deal with the fallout from an insider attack.
  • North American companies are spending more than the average cost on activities that deal with insider threats. The total average cost of activities to resolve insider threats over a 12-month period is $15.4 million. Companies in North America experienced the highest total cost at $17.53 million. European companies had the next highest cost at $15.44 million.

Five signs that your organization is at risk:

  • Employees are not trained to fully understand and apply laws, mandates, or regulatory requirements related to their work and that affect the organization’s security.
  • Employees are unaware of the steps they should take to ensure that the devices they use—both company issued and BYOD—are secured at all times.
  • Employees are sending highly confidential data to an unsecured location in the cloud, exposing the organization to risk.
  • Employees break your organization’s security policies to simplify tasks.
  • Employees expose your organization to risk if they do not keep devices and services patched and upgraded to the latest versions.