Insider Threat Management

Making the Economic Case for Insider Threat Management. Deliver $400K+ in Annual Value.

Share with your network!

A global, distributed workforce. The increased role of remote collaboration tools. A deeper reliance on freelancers and third-party vendors. What do these three things have in common? They’re ways in which organizations have responded to the massive shift in workstyles we have all seen in 2020. This new work reality can also increase insider threat risk – a category of security threat that’s been on the rise since before the pandemic.

Even prior to the start of 2020, research has shown that insider threat incidents rose 31% in the past two years alone. The average cost of these incidents also spiked 47% in the same time period – to $11.45 million a year. With numbers like these, where should a security team start? 

This post will focus on what causes insider threats, why traditional defenses aren’t enough, and the right strategy to both reduce risk and drive ROI.

Top Insider Threat Causes

First off, who are these insider, really? News headlines often paint a picture of undercover corporate spies stealing data. While sometimes that’s true, most insiders (62 percent, to be exact) accidentally cause incidents. About a quarter of insiders are compromised, which means they are victims of credential theft. Only 14 percent intentionally cause incidents.

An insider could be anyone who is close to the organization. That means an employee, contractor, or even a third-party vendor. Insider threats misuse their authorized access to critical information or systems. In a remote work world, this misuse is more common than you might think. For example, an employee might accidentally send a file to the wrong person through a cloud-based collaboration platform.

With a widening margin for error, what do organizations typically do to defend themselves?

Perimeter vs. People-Centric Security

Many organizations make the mistake of thinking traditional perimeter-based security strategies are enough for insiders. We’re living in a world where the perimeter of the office has all but disappeared. Today, the focal point is people, not the technology stacks we use to get work done. People are the ultimate security perimeter—for better and for worse. A well-trained, well-meaning user is an enterprise’s best defense.

As a result, organizations must take a more people-centric security approach. This means looking at the context behind what people are doing – not just where the data is moving. In the modern work world, locking down data isn’t realistic. Instead, security teams need visibility into both user and data activity. That way, people have the freedom to use the technology they need to be productive. Meanwhile, the security team can act faster to investigate based on real-world context when potential incidents unfold.

Security as an ROI Center vs. Cost Center

Now that we know more about insider threats, how can organizations make moves to reduce their cost and impact? Can the right security strategy be an ROI generator versus a cost center? It turns out, the answer is yes. 

A new report from independent research firm Enterprise Strategy Group (ESG) recently studied the economic impact of the Proofpoint Insider Threat Management (ITM) solution with our customers. Want the hard numbers? Proofpoint ITM:

  • Pays for itself in just 5 months
  • Reduces insider threat costs by nearly $400,000 per month for a 10,000-employee organization
  • Delivers a 695% three-year return

Qualitatively, customers found that ITM improved team productivity, increased access to threat intelligence, and lowered organizational risk. As the insider threat problem continues to grow, these qualitative benefits add up to be just as important as dollars and cents.

Want to learn more about the ROI of insider threat management? 

Download the free ESG report