Blog
THIS IS THE FOURTH BENCHMARK STUDY CONDUCTED WITH THE EXPLICIT PURPOSE TO UNDERSTAND THE FINANCIAL CONSEQUENCES
THIS IS THE FOURTH BENCHMARK STUDY CONDUCTED WITH THE EXPLICIT PURPOSE TO UNDERSTAND THE FINANCIAL CONSEQUENCES THAT RESULT FROM INSIDER THREATS. ASECONDARY FOCUS IS TO GAIN INSIGHT INTO HOW WELL ORGANISATIONS ARE MITIGATING THESE RISKS.
The first Cost of Insider Threats: Global study was conducted in 2016 and focused exclusively on companies in North America. Since then, the research has expanded to include organisations in Europe, Middle East, Africa and Asia-Pacific with a global headcount of 500 to more than 75,000. In this year’s study, we interviewed 1,004 IT and IT security practitioners in 278 organisations that experienced one or more material events caused by an insider. A total of 6,803 insider incidents are represented in this research.
INSIDER THREATS HAVE INCREASED IN BOTH FREQUENCY AND COST OVER THE PAST TWO YEARS. CREDENTIAL THEFTS, FOR EXAMPLE, HAVE ALMOST DOUBLED IN NUMBER SINCE 2020.
However, despite insider threats having increased across all three insider threat profiles, insider threats caused by careless or negligent employees are the most prevalent.
According to the findings, 56% of incidents experienced by organisations represented in this research were due to negligence, and the average annual cost to remediate the incident was $6.6 million.
Research also showed that the cost of an insider threat varies significantly based on the type of incident. This is largely due to the type of activities required following an insider threat incident, including monitoring & surveillance, investigation, escalation, incident response, containment, ex-post analysis and remediation.
Following are some key statistics on the cost of insider-related incidents over a 12-month period: