ITM Live demo

Insider Threat Awareness Month:10 compelling reasons why now is the time to invest in protection

Share with your network!

Traditional cyber defenses are built to deter external threats, protecting organizations from the outside in. While this alone may once have sufficed, the stark rise in insider threats over recent years calls for a new approach. One that also defends your organization from the inside out.

Insider threats are more prevalent than ever before, with reported incidents increasing by almost 50% last year. The average cost to the organizations involved is also on the up, rising by 31% over the past two years to $11.45 million.  

Behind these headline statistics are many more, highlighting the devastating impact of insider threats, whether driven by negligence, malice, or criminal intent.

To mark the start of Insider Threat Awareness Month, we’re sharing some of the most compelling. So, if you don’t have an Insider Threat Management (ITM) program in place, here are ten reasons why now is the time to invest in one.

  1. 52% of data breaches are insider driven. Whether intentional or negligent, most threats that lead to data loss stem from insiders. (Source: Verizon)
  2. Almost two-thirds of insider threats are caused by employee, contractor, or third-party negligence. (Source: Ponemon)
  3. The faster containment occurs, the lower the cost. Incidents lasting longer than 90 days cost $13.71 million on average, compared to $7.12 million for those resolved within 30 days. (Source: Ponemon)
  4. The average insider incident takes over two months – 77 days – to contain. Just 13% are contained within 30 days. (Source: Ponemon)
  5. 15% of incidents involve credential theft, costing organizations an average of $2.79 million per year. (Source: Ponemon)
  6. The average cost of a single incident triples when credential theft is involved, up to $871,686. (Source: Ponemon)
  7. Human error drives most reported incidents, including lost, stolen, or hacked devices (33%), unpatched software vulnerabilities (32%), unsecured network activity (31%), and lost credentials (29%). (Source: The Economist Intelligence Unit)
  8. Containment accounts for one-third of the cost of an insider incident – followed by remediation (23%) and incident response (18%). (Source: Ponemon)
  9. The larger an organization, the higher the cost – at £$7.92 million for those with 25,001 to 75,000 employees and $6.92 million for those with between 500 and 1,000 employees. (Source: Ponemon)
  10. Companies can reduce the cost of insider threats by between $3.1 million and $3.4 million by deploying solutions focused on user activity and access. (Source: Ponemon)


Defending against insider threats can be a complex business. Attackers either take great care to cover their tracks or are unaware they are posing a threat at all – making them hard to define and even harder to detect.

An effective ITM program must focus on three key areas: technology, process, and people.

First, deploy the tools required to monitor user activity and flag any unusual behavior. Next, outline clear guidelines governing network access, acceptable use, device management and more. Finally, ensure your employees understand not only how to spot an insider threat but how important they are in thwarting its success.

Visibility, vigilance and responsiveness are essential in reducing insider risk in the new work reality – one where employees, but also third-party contractors, service providers, consultants, supply chain partners and customers form a new, ragged-edged parameter which is increasingly hard to control.

Today’s threat landscape has expanded, and with it the need for insider threat protection. Now is the time to build a business case to reduce your attack surface, starting with a solution that gives you actionable insights into your employees, ecosystem, and system environments, so you can protect them from insider threats – whether intentional or not.

For more information on Proofpoint’s Insider Threat Management solution, please visit: