Over the past two years of pandemic-driven workforce changes, insider threats have cost more time and money to contain: survey

In a survey of 1,004 IT and IT security practitioners in 278 organizations that had experienced one or more material events caused by an insider, the impact was US$15.4m worth of damage annually (up 34% from 2020), and requiring 85 days to contain each incident.

The survey covered organizations across North America, Europe, Middle East, Africa, and Asia-Pacific with a global headcount of 500 to more than 75,000, comprising a total of 6,803 insider incidents.

Each organization included in the study must have experienced one or more material events caused by an “insider”. The survey data shows that the frequency and costs associated with insider threats in the survey population had increased over the past two years in three insider threat categories: careless or negligent employees/contractors, criminal or malicious insiders, and cybercriminal credential theft.

Other findings

The annual survey, commissioned by Proofpoint, Inc., led to the following conclusions:

  • 44% of the respondents saw an increase in the overall number of insider incidents in just two years. 
  • 67% of respondents experienced between 21 and more than 40 incidents per year, up from 60% in 2020. 
  • 56% of reported insider threat incidents were the result of a careless employee or contractor, costing on average US$484,931 per incident.
  • 26% of incidents involved malicious or criminal insiders, involving an average cost per incident of USD$648,062. Malicious insiders are employees or authorized individuals who use their data access for harmful, unethical, or illegal activities.
  • 18% of incidents reported by respondents involved credential theft incidents, “almost double” compared to the credential theft incidents in the last study. At an average of US$804,997 per incident, credential theft was “the costliest to remediate”.
  • It took about 85 days to contain an insider incident, up from 77 days in the previous year’s study (10% increase). Incidents that took more than 90 days to contain cost respondents US$17.19m on an annualized basis, while incidents that lasted less than 30 days cost an average of US$11.23m.
  • For financial services respondents, the average activity cost to contain an insider incident was US$21.25m, and for professional services the average cost was US$18.65m. Service organizations represented a wide range of companies including accounting, consultancy, and professional service firms.
  • The cost of incidents varied according to respondents’ organizational size. Large organizations with a headcount of more than 75,000 spent an average of US$22.68m over the past year to resolve insider-related incidents. Smaller-sized organizations with a headcount below 500 spent an average of US$8.13m. 
  • North American respondents were spending more than the average cost on activities that dealt with insider threats. The total average cost of activities to resolve insider threats over a 12-month period was US$15.4m. Respondents in North America experienced the highest total cost at US$17.53m. European respondents had the next highest cost at US$15.44m

According to Ryan Kalember, Executive Vice President, Cybersecurity Strategy, Proofpoint: “Months of sustained remote- and hybrid- working leading up to The Great Resignation have resulted in an increased risk around insider threat incidents as people leave organizations and take data with them. In addition, organizational insiders, including employees, contractors, and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data, and infrastructure.”

Kalember suggested that layered defenses, including a dedicated insider-threat management solution and strong security awareness training, can provide the best protection against such risks.