Negligent insiders are the root cause of 56% of cyberattack incidents, while credential thefts have almost doubled and are the costliest to remediate, at an average of over US$800,000 per incident. Proofpoint has released brand new research showing that businesses globally are losing around £11.4 million (US$15.4 million) every single year because of insider cyberthreats.
Proofpoint, a leading cybersecurity and compliance company, has released its 2022 Cost of Insider Threats Global Report to identify the costs and trends associated with negligent, compromised and malicious insiders. Notably, on average, impacted organisations spent US$15.4 million annually on overall insider threat remediation and took 85 days to contain each incident.
The report, independently conducted by Ponemon Institute, is issued every two years and now in its fourth edition. It surveyed over 1,000 IT and IT security practitioners across North America, Europe, Middle East, Africa and Asia-Pacific. Each organisation included in the study experienced one or more material events caused by an insider. The report reveals that over the last two years, the frequency and costs associated with insider threats have increased dramatically across all three insider threat categories, including: careless or negligent employees/contractors; criminal or malicious insiders; and cybercriminal credential theft.
“Months of sustained remote and hybrid working leading up to ‘The Great Resignation’ has resulted in an increased risk around insider threat incidents, as people leave organisations and take data with them,” said Ryan Kalember, Executive Vice President of Cybersecurity Strategy at Proofpoint. “In addition, organisational insiders, including employees, contractors and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data and infrastructure. With people now the new perimeter, we recommend layered defences, including a dedicated insider threat management solution and strong security awareness training, to provide the best protection against these types of risks.”
Key findings of this year’s 2022 Cost of Insider Threats Global Report include:
• Organisations impacted by insider threats spent an average of US$15.4 million annually — that’s up 34% from US$11.45 million in 2020.
• The overall number of incidents has increased by a staggering 44% in just two years. The frequency of incidents per company has also gone up with 67% of companies experiencing between 21 and more than 40 incidents per year, up from 60% in 2020.
• The negligent insider is the root cause of most incidents. A high number (56%) of reported insider threat incidents were the result of a careless employee or contractor, costing on average US$484,931 per incident. This could be the result of a variety of factors, including not ensuring their devices are secured, not following the company’s security policy, or forgetting to patch and upgrade.
• Malicious or criminal insiders were behind one in four incidents (26%) at an average cost per incident of US$648,062. Malicious insiders are employees or authorised individuals who use their data access for harmful, unethical, or illegal activities. Malicious insiders are harder to detect than external attackers or hackers because employees are increasingly granted access to more information to enhance productivity in today’s work-from-anywhere workforce.
• Credential theft incidents have almost doubled since the last study. At an average of US$804,997 per incident, credential theft is the costliest to remediate. The intent of the credential thief is to steal users’ credentials that will grant them access to critical data and information. A total of an average 1,247 incidents (or 18%) involved cybercriminals stealing credentials.
• The time to contain an insider incident increased from the last study. It takes an average of nearly three months (85 days) to contain an insider incident, up from 77 days in the previous study. Incidents that took more than 90 days to contain cost organisations US$17.19 million on an annualised basis, while incidents that lasted less than 30 days cost an average of US$11.23 million.
• Financial services and professional services have the highest average activity costs. The average activity cost for financial services is US$21.25 million and professional services is US$18.65 million. Service organisations represent a wide range of companies including accounting, consultancy and professional service firms.
• Organisational size affects the cost per incident. The cost of incidents varies according to organisational size. Large organisations with a headcount of more than 75,000 spent an average of US$22.68 million over the past year to resolve insider-related incidents. To deal with the consequences of an insider incident, smaller-sized organisations with a headcount below 500 spent an average of US$8.13 million.
• North American companies are spending more than the average cost on activities that deal with insider threats. The total average cost of activities to resolve insider threats over a 12-month period is US$15.4 million. Companies in North America experienced the highest total cost at US$17.53 million. European companies had the next highest cost at US$15.44 million.
Five signs that your organisation is at risk:
- Employees are not trained to fully understand and apply laws, mandates, or regulatory requirements related to their work and that affect the organisation’s security.
- Employees are unaware of the steps they should take to ensure that the devices they use — both company-issued and BYOD — are secured at all times.
- Employees are sending highly confidential data to an unsecured location in the cloud, exposing the organisation to risk.
- Employees break your organisation’s security policies to simplify tasks.
- Employees expose your organisation to risk if they do not keep devices and services patched and upgraded to the latest versions.
Dr Larry Ponemon, Chairman and Founder of the Ponemon Institute, said: “Insider threats continue to climb, both in frequency and remediation cost. That said, we are seeing the risk of malicious insider threats increase – with more users accessing business data from outside the confines of the office. This can blur the security team’s ability to identify and differentiate between well-meaning employees and malicious insiders trying to siphon sensitive business data.”