Danger From Within: Proofpoint, Inc. today released the 2022 Cost of Insider Threats Global Report. This study examined both the costs and the latest developments in the matter of negligent or malicious insiders, as well as the impact of account takeovers by cybercriminals. On average, affected companies invested $15.4 million annually to clean up after security incidents caused by insiders. The mean time to contain such an incident was 85 days.
The study, conducted independently by the Ponemon Institute every two years, is now published in its fourth edition. More than 1,000 IT professionals and IT security professionals in North America, Europe, the Middle East, Africa and Asia Pacific were surveyed. Each company that participated in the study had one or more incidents caused by an insider. The report shows that over the past two years, the frequency and cost of insider threats have increased dramatically across all three insider threat categories: negligent or careless employees/contractors, criminal or malicious insiders, and cybercriminals who can act as insiders by stealing access credentials.
“Many months of working from home or in hybrid form are currently leading to a large wave of layoffs in many companies and entire industries. This increases the risk of insider threats from departing employees,” said Ryan Kalember, Proofpoint’s executive vice president of cybersecurity strategy. “All company insiders, including employees, contractors, and third-party providers, continue to be attractive targets for cybercriminals because of their pervasive access to critical systems, data, and infrastructure. Because these people are the de facto perimeter of the organization, we recommend a layered defense strategy to protect them. Most importantly, this includes a dedicated solution for managing insider threats, as well as extensive security awareness training to ensure the best possible protection against this type of threat.”
Key findings from this year’s Cost of Insider Threats Global Report include:
- Organizations affected by insider security incidents spend an average of $15.4 million annually to clean up the resulting damage, up 34 percent from $11.45 million in 2020.
- The total number of incidents has increased by 44 percent in just two years. Incident frequency per organization has also increased: 67 percent of organizations have from 21 to more than 40 incidents per year, up from 60 percent in 2020.
- Negligent insiders are responsible for most incidents. 56 percent of reported insider threat incidents were the result of a careless employee or contractor and cost an average of $484,931 per incident. This can be due to a variety of factors, such as devices not being secured, corporate security policies not being followed, or patches and upgrades not being installed.
- Malicious or criminal insiders are behind around a quarter of all incidents (26%), with an average cost per incident of $648,062. Malicious insiders are employees or authorized individuals who use their data access for harmful, unethical, or illegal activities. As employees gain access to more information to increase productivity in today’s remote work environment, malicious insiders are often more difficult to detect than external attackers or hackers.
- The number of incidents in which cybercriminals became insiders by stealing credentials has almost doubled since the last survey. This type of insider incident is the most expensive, averaging $804,997 per incident. An average of 1,247 insider incidents (or 18%) involve the theft of credentials by cybercriminals, giving them access to critical company data and information.
- The time it takes to contain an insider incident has increased since the last study. It takes an average of almost three months (85 days) to contain such an incident, compared to 77 days at the last survey. Incidents that took more than 90 days to contain cost organizations $17.19 million annually, while incidents that lasted less than 30 days cost an average of $11.23 million.
- Financial services and professional services have the highest average costs of insider activity. In the financial services industry, the average cost is $21.25 million, and in the case of professional services it is $18.65 million. Service firms encompass a wide range of organizations, including accounting, consulting, and professional services firms.
- The size of a company affects the cost per incident. The cost of insider incidents varies by company size. Large companies with more than 75,000 employees spent an average of $22.68 million on cleaning up damage caused by insider incidents last year. In contrast, smaller companies with fewer than 500 employees spent an average of $8.13 million to deal with the aftermath of an insider incident.
- North American companies face disproportionately high costs of dealing with insider incidents. The average total cost of insider incident remediation over a 12-month period is $15.4 million. Companies in North America recorded the highest total costs, at $17.53 million. European companies followed in second place with $15.44 million.
Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute, said, “Insider incidents continue to increase, both in frequency and in the cost of remediation. In particular, the risk of malicious insider threats continues to increase. As more users go about their business away from the office and access corporate data, this can leave the security team unable to distinguish between well-meaning employees and malicious insiders, the latter attempting to harvest sensitive corporate data.”