Security tool provider Proofpoint released a report identifying the costs and trends associated with insider threats.
While the stereotype of the insider threat is the malicious insider, that is only one part of it. Other insider threats include the negligent insider and the compromised insider.
The report, conducted by Larry Ponemon’s group, said that impacted organizations spent, on average, $15 million a year on overall insider threat remediation and it took them 85 days to contain each incident.
Proofpoint says that the combination of sustained remote and hybrid work, along with the Great Resignation, has resulted in increased risk around insider threat.
Some of the key points from the report are:
- Cost due to insider threat is up 34% from 2020
- The overall number of incidents is up by 44% in the last two years
- The majority of the insider threat is due to negligence, which means that no organization is immune. We are not talking about spies here; we are talking about people not taking enough care to protect the information
- A quarter of the incidents were due to malicious insiders, and each of those incidents cost more than half a million dollars to fix
- Credential theft incidents have more than doubled since their last study and cost over $800k each to fix
Not surprisingly, financial service organizations and professional services have the highest average costs.
While large organizations spent more on average to resolve insider incidents, companies with fewer than 500 employees spent an average of $8 million, which is quite substantial.
Some of the clues that your organization is at risk are:
- Employees are not trained to understand security requirements
- Employees do not know how to protect their devices
- Employees send confidential information via unsecured channels
- Employees break the rules to make things simpler for themselves
- Devices are not actively patched