Frequency and Cost of Insider Threats Continue to Increase

Robinson+Cole Data Privacy + Security Insider

The Ponemon Institute recently issued its 2020 Cost of Insider Threats Global Report, which finds that the frequency and cost of insider threats continue to increase. Sponsored by ObserveIT and IBM, the 2020 report is the third consecutive report that studies insider threats and their impact on businesses in terms of frequency, cost and time to recover. “Insider threats are defined as:

  • A careless or negligent employee or contractor
  • A criminal or malicious insider or
  • A credential thief.”

According to the Report, the “key takeaway is that, across all three insider threat types…both the frequency and cost of insider threats have increased dramatically over the course of two years….the overall cost of insider threats is rising, with a 31 percent increase from $8.76 million in 2018…to $11.45 million in 2020. In addition, the number of incidents has increased by a staggering 47 percent in just two years, from 3,200 in 2018…to 4,700 in 2020. This data shows that insider threats are still a lingering and often under-addressed cybersecurity threat within organizations, compared with external threats.”

Although negligent insiders caused more incidents than any other type (62 percent of all incidents), credential theft cost companies the most. The average cost of an insider threat incident caused by a negligent or careless employee is $307,111, while in contrast, the theft of users’ credentials cost an average of $871,686, and the theft of privileged users’ credentials (25 percent of all incidents) cost an average of $2.79 million. Criminal and malicious insiders (14 percent of all incidents) cost organizations an average of $756,760 per incident.

A significant cost associated with insider threats is attributed to the investigation of the incident, which includes monitoring and surveillance, incident response, containment and remedial actions. The average cost of the investigation following an insider threat increased 38 percent over the past two years to $103,798.

In addition, the Report states that according to the survey results, “it takes an average of 77 days to contain each insider threat incident. Only 13 percent of incidents were contained in less than 30 days.” The fastest growing industries for insider threat included the retail industry and financial services.

The Report outlines several risk factors that companies may wish to consider in determining the risk for an insider threat, which include: 1) employees are not trained on laws or regulatory requirements related to their work that affects the organization’s security; 2) employees are unaware of steps to take so their devices are secured; 3) employees are sending highly confidential data to an unsecured location in the cloud; 4) employees break the company’s security policies to simplify tasks; and 5) employees expose the organization to risk if they are not keeping devices patched and upgraded.

These are valuable tips for companies to consider when determining resources to invest in cybersecurity. Employees and insider threats continue to top the list of risks, and providing employees and contractors with education and tools, and implementing measures to catch malicious or criminal insiders are important components of a risk management program.


© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising
