Report: Cost of ‘Insider Threats’ Jumps 31% In Just Two Years
A new report has identified a nearly one-third jump in the cost of ‘insider threats’ as well as a rise in the frequency of these threats to organisations operating.
The report comes courtesy of the Ponemon Institute, who published its “2020 Cost of the Insider Threats: Global” report showing that in a 24-month period, the average cost of insider threats had risen by 31% to $11.45 million; the frequency spiked by just under 50% in the same period of time.
The Ponemon Institute took data and responses from 964 IT and security employees at 204 organisations across Africa, the Asia-Pacific, Europe and North America with more than 1,000 employees.
Researchers say that these responses showed that in a one-year period, around 4,716 incidents had been the result of an insider threat.
Graphic courtesy of the Ponemon Institute for educational purposes only.
For the uninitiated, an ‘insider threat’ refers to a malicious threat to an organisation that comes from people within the organisation, whether it’s down to negligence or malicious intent. This can come in the form of current and former employees, business associates and even contractors who have the ability to ‘look inside’ at your organisation’s data.
Insider Threats come in three major forms: malicious insiders, who are looking to take advantage of their position, most likely for financial gain, negligent insiders, who make errors and disregard policies and procedures, and finally, infiltrators, who gain legitimate access to an orgasniation’s network with passwords without authorisation.
According to InfoSecuriy Magazine, the researchers split their findings up by these respective categories: “those caused unintentionally by negligent employees or contractors, those perpetrated by credential thieves bent on using insiders’ login information to gain unauthorised access to applications and systems, and those instigated by criminal and malicious insiders out to damage the organisation from within.”
Of these three, credential thieves were responsible for more than $871,000 per incident; three-times more damage than a negligent insider. The frequency of these credential thefts attempts, however, accounted for 25% of all incidents; around $2.9-million per year, according to the findings of the report.
The study found that negligent employees and contractors were responsible for around 62% of all insider threats, representing the biggest financial difficulty for organisations with an average cost of $4.58-million each year. Malicious criminals were found to have made up 14% of all reported incidents, with a per-incident cost to the organisation of $756,000, and annual losses averaging $4.08 million a year.
“Researchers foudn that the longer an insider threat lingers, the costlier it is to rectify,” writes Sarah Coble. “Incidents that took more than 90 days to contain cost organisations $13.71 on an annualized basis, while incidents that lasted less than 30 days cost roughly half, at $7.12 million.”
“A stitch in time saves nine,” she wrote.