New 2020 Ponemon Institute Study: Frequency and Cost of Insider Threats Have Spiked Dramatically in Last Two Years

January 29, 2020
Josh Epstein

A new study released today from Ponemon Institute, 2020 Cost of Insider Threats: Global, showed a dramatic increase in both the cost and frequency of insider threats since 2018. According to the study, the average global cost of insider threats rose by 31% in two years to $11.45 million, and the frequency of incidents spiked by 47% in the same time period.

Researchers at Ponemon Institute spoke with 964 IT and security practitioners at 204 organizations with a global headcount of 1,000 or more in North America, Europe, the Middle East, Africa, and Asia-Pacific. A total of 4,716 insider-caused incidents were identified across all organizations in the past 12 months. The study was sponsored by ObserveIT, a Proofpoint company, and IBM.

In this post, we’ll share some highlights from the report and give you some guidance on how to get proactive about insider threat management within your organization.

Who Are Insider Threats in 2020?

As with the 2018 Cost of Insider Threats research, this year, Ponemon Institute studied three types of insider threat profiles:

  • Negligent insiders, or employees or contractors who make mistakes that unintentionally cause incidents.
  • Criminal and malicious insiders, or those who intentionally cause damage to an organization from the inside.
  • Credential thieves, or those who target insiders’ login information to gain unauthorized access to applications and systems.

Of the three profiles, credential thieves caused the most damage per incident, costing organizations an average of $871,000 per incident—three times more per incident than a negligent insider. However, the frequency of credential theft was 25% of all incidents, which limited the average annual cost to $2.79 million per year.

To contrast, negligent insiders account for 62% of all incidents, costing organizations the most in total per year: an average $4.58 million. Even though criminal insiders dominate the headlines, their frequency was the lowest of all three profiles, at 14% of incidents. However, their per-incident cost of $756,000 is hard for organizations to ignore, accounting for a total of $4.08 million in average losses per year.

What’s Driving Insider Threat Costs?

The report outlines in detail the primary cost centers for insider threats, as well as the industries, company sizes, and regions most affected by insider threats. Here are some of the highlights:

  • The highest overall cost center for organizations is containment, at an average of $211,533 per company annually. Containment activities focus on stopping or lessening the impact of incidents or attacks.
  • The fastest-growing cost center is investigations, costing organizations a whopping 86% more than they did only three years ago. Investigations help organizations uncover the source, scope, and magnitude of one or more incidents.
  • As with the 2018 report, this year’s data indicated that the longer an incident lingers, the costlier it gets. The average incident takes 77 days to contain. Incidents that took more than 90 days to contain cost organizations an average of $13.71 million on an annualized basis.
  • The financial services industry accrued the highest average insider threat annual costs at $14.5 million, a 20.3% increase over the past two years. Unsurprisingly, headcount drives the cost of insider threats, with large organizations (headcount of more than 75,000) spending an average of $17.92 million, and smaller organizations (under 500) spending an average of $7.68 million on insider threats.
Embracing Proactive Insider Threat Management

The data in this report shows that most organizations need to be more vigilant about insider threat incidents, which often fly under the radar until it’s too late. Many organizations believe that they can address insider threats with their existing, externally-focused security solutions, when a dedicated insider threat management strategy may be a better overall approach. Here are a few tips to consider:

  • Build a culture of cybersecurity awareness: Since the vast majority of incidents are accidental, prioritize cybersecurity awareness training to ensure that employees and contractors are updated on the latest policy requirements. More importantly, help insiders understand how security policies affect their day-to-day work. If mistakes do happen, treat them as opportunities to course-correct behavior and help employees or contractors learn about better alternatives.
  • Gain visibility into insider threats: Many organizations make the mistake of tracking data movement alone to deal with the insider threat problem. However, that approach ignores the fact that people move data (data doesn’t move itself!). Monitoring a combination of user and data activity can provide much-needed context into Insider Threat incidents, reducing the time to investigate (and overall cost of insider incidents).
  • Make insider threat management a team sport: While the security team is at the center of any successful insider threat program, other departments including HR, legal, compliance, and communications must be involved to make the incident investigation, containment and response process as seamless as possible. In cases of accidental insider threats, detailed evidence can be used to exonerate employees and provide proper training for the future.

Click here to learn more and download the 2020 Ponemon Institute Cost of Insider Threats report today.