An outside attack always garners big headlines because they can oftentimes bring massive numbers, but the inside threat can be more often and fairly costly.
As it turns out, the average cost of an insider threat annually is $8.76 million, according to a survey from the Ponemon Institute, entitled “2018 Cost of Insider Threats: Global Organizations.”
It’s critical for organizations to understand the main causes of insider threats, because detecting insiders in a timely manner could save millions of dollars. Depending on the industry and size of company, the cost of an insider threat varies dramatically.
“This research reveals that ignoring the growing threat posed by insiders can be costly for businesses of all sizes and in all industries,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “The increasing cost of insider threats – whether caused by negligent or malicious actors – is extremely detrimental for organizations, potentially costing them millions of dollars annually.”
“Insider threats continue to threaten organizations across the globe, ultimately resulting in loss of mission critical data, downtime and lost productivity, and even reputational damage,” said ObserveIT Chief Executive Mike McKee, whose company sponsored the report. “Understanding the growing costs and time associated with preventing and managing insider threats, organizations need to invest in a holistic cybersecurity solution to assist with real-time detection, deterrence, education and prevention.”
Since 2016, the average number of incidents involving employee or contractor negligence has increased by 26 percent, and by 53 percent for criminal and malicious insiders. The average number of credential theft incidents has more than doubled over the past two years.
The majority of respondents (64 percent) cited the negligent insider as the root of most incidents.
Credential risk is the costliest type of insider incident at an average of $648,745 per event.
Large organizations with a headcount of more than 75,000 spent an average of $20 million over the past year to resolve insider-related incidents while smaller organizations with a headcount below 500 spent an average of $1.8 million.
Asia-Pacific and European and Middle Eastern (EMEA) companies had lower annualized costs to contain insider-related incidents at $5.88 and $7.04 million, respectively, compared to North American companies.
Click here to register for the report.