Insider threats are a major risk for organisations of all sizes—and it’s expensive to ignore them. Insider threat incidents are costing businesses upwards of $15 million annually, on average.
And it’s not just careless insiders who are to blame for insider threats; more organisations are reporting that credential theft is a growing concern in 2022. To compound matters, it now takes 85 days to contain an insider threat, compared to an average of 77 days just two years ago.
As the cybersecurity landscape becomes more complex, it’s important to stay up to date on insider threat trends so you can create a proactive strategy to avoid these risks and reduce the cost and impact of incidents when they do occur. The following highlights from the 2022 Cost of Insider Threats Global Report from Ponemon Institute can help you better understand and manage insider threats:
Insider threats are steadily increasing
In 2020, we told you that the cost of insider threats was on the rise. That trend has continued into 2022.
Combining historical data shows that insider threats aren’t slowing down. Since 2020, the cost of addressing an insider security problem has increased by 34%—from $11.45 million in 2020 to $15.38 million in 2022. The frequency of insider-led incidents is also up by 44% in 2022.
So, why is the risk of the insider threat continuing to increase for businesses? The answer is firmly rooted in the rise of the hybrid workforce, the accelerated pace of digital transformation and the rapidly increasing shift toward using cloud-based applications.
Signs your organisation is at risk for insider threats
Here are a few red flags signalling that your business needs to be even more proactive about staying vigilant for insider threats:
- Your employees aren’t trained to fully understand and apply laws, mandates or regulatory requirements related to their work and that affect the organisation’s security. (Keep in mind that security awareness training should occur regularly, especially as new developments in cybersecurity occur.)
- Your organisation has an inconsistent device policy that leaves employees murky about the steps they should take to ensure the devices they use—both company-issued and BYOD (“bring your own device”)—are always secured. This includes keeping devices and applications patched and upgraded.
- Employees are sending highly confidential data to an unsecured location in the cloud, exposing the organisation to risk.
- Your organisation’s security policies are regularly disregarded by employees who are attempting to simplify work tasks and improve productivity.
Not all insider threats are created equal
Not all insider threats originate the same way, and the intensity of their damage can change depending on the source of the threat and the industry. Knowing where the most damaging insider threats are likely to occur can help your organisation determine which vulnerabilities to fortify first and how to monitor high-risk insiders effectively.
Here are the three main types of insider threats and their associated costs:
- Careless insiders: Careless insiders account for the highest percentage (56%) of incidents, proving that even seemingly innocent mistakes can cause security breakdowns. The silver lining is that the average cost per incident is the lowest overall at $485,000. Given their regularity, however, careless insider events cost organisations the most—totalling $6.6 million annually.
- Malicious insiders: Though malicious insiders account for slightly more than one in four insider threats, they’re significantly costlier than careless insiders at $648,000 per incident, or about $4.1 million annually.
- Credential theft: Credential theft occurs when an employee’s login information becomes compromised—and this trend is raising alarm bells for many security experts. Credential theft increased from 14% of incidents in 2020 to 18% in 2022. These incidents are also having a greater impact on the bottom line: The cost of credential theft to organisations increased 65% from $2.79 million in 2020 to $4.6 million in 2022.
Financial services and retail seeing insider threat costs skyrocket
Some industries have it worse than others when it comes to insider threats. Industries that rely on sharing sensitive information—such as banking information or healthcare data—have become increasingly attractive to threat actors.
The cost of insider threats to organisations in the financial services industry increased by 47% to $21.25 million in 2022. An even more pronounced increase occurred in retail, where the cost of insider security events jumped 62% to $16.56 million in 2022.
Create a strong defence
Addressing insider threats has become a priority for many organisations, especially as boards and the C-suite are becoming savvier about cybersecurity. Spending is up 80% in the last eight years, with the highest cost per activity spent on containment. Organisations are spending $184,548 annually, on average, to contain the consequences of an insider threat.
But making investments is only part of the strategy. To mitigate the damage of an insider-related security breach effectively, organisations need to focus on:
- Containment: This accounts for 29% of the cost of an insider incident. The overall cost of an insider incident can be reduced by lowering the time to containment.
- Investigation: Activities relating to investigation and incident response represent 20% of the cost of insider incidents.
- Prevention: No doubt, you’ve heard before that “The best defence is a good offence”. That saying very often applies to cybersecurity. Employee training and proper security protocols can go a long way toward limiting the extent of an insider attack.
Reducing response time is a must for organisations that want to reduce the impact of security breaches due to insider threats. Incidents that take more than 90 days to contain have the highest average total cost per year at $17.19 million. In contrast, incidents that take less than 30 days to contain have the lowest total cost, coming in at $11.23 million.
More than 50% of companies are using security awareness training, data loss prevention (DLP), insider threat management (ITM) and third-party vetting procedures to reduce the risk of insider threats. When dealing with insider threats, the focus should be on protecting data from exfiltration by careless users, negligent employees or malicious insiders who are using compromised credentials to steal information.
Establishing your ITM program
The insider threat risk is one organisations simply can’t ignore. With the number of endpoints increasing and securing access to sensitive data becoming more challenging, organisations need to step back and assess how — and how well — they’re protecting themselves from internal threats.
Traditional approaches to security aren’t enough to defend against these threats, however. Organisations should consider employing the following strategies as well:
- Implementing a people-first cybersecurity approach to insider threat management that considers the complexities of hybrid work.
- Using an ITM platform that will increase visibility and provide context to data changes, which can help reduce the time it takes to contain an insider threat.
- Establishing a repeatable process that helps the organisation identify and monitor high-risk insiders.
- Adopting a culture of transparency to assess weaknesses thoroughly and improve performance the next time an insider threat incident occurs.
Creating an ITM program doesn’t have to be complicated—and Proofpoint is here to help. As a starting point, learn more about our ITM solution here.
If you already have an ITM program, do you know if it’s aligned with best practices? Download the 2022 Cost of Insider Threats: Global Report to find out more about leading practices that can help your business avoid insider threats and contain insider-led incidents.