A new report from cybersecurity company Proofpoint reveals more than 60% of insider threats are the result of negligent employee or contractor behaviour.
Proofpoint, a leading cybersecurity and compliance company, has released its Cost of Insider Threats 2020 Global Report to identify the costs and trends associated with negligent, compromised and malicious insiders.
Notably, on average, impacted organisations in the Middle East spent US$11.65 million annually on overall insider threat remediation and took 77 days to contain each incident.
The report, commissioned with The Ponemon Institute and co-sponsored by IBM, surveyed nearly 1,000 IT and IT security practitioners across North America, Europe, Middle East, Africa, and Asia-Pacific.
Each organisation included in the study experienced one or more material events caused by an insider. Over the last two years, the frequency and costs associated with insider threats increased dramatically across all three insider threat categories: careless or negligent employees/contractors, criminal or malicious insiders, and cybercriminal credential theft.
“With an average cost of more than US$600K per incident, insider threats must be a leading concern for companies worldwide,” said Mike McKee, Executive Vice President and General Manager of Insider Threat Management for Proofpoint.
“Organisational insiders, including employees, contractors and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data and infrastructure.
“Given that users regularly work across a wide range of applications and systems, we recommend layered defences, including a dedicated insider threat management solution and strong security awareness training, to provide the best protection against these types of attacks.”
Emile Abou Saleh, Regional Director, Middle East and Africa at Proofpoint, said: “According to the report findings, organisations in the Middle East have experienced the highest number of insider-related incidents over the past 12 months and are likely to experience credential theft.
“It is, therefore, crucial for organisations in the Middle East to build a culture of cybersecurity among their employees by putting in place cybersecurity awareness training in order to understand how security policies affect their day-to-day work.”
This year’s Cost of Insider Threats 2020 Global Report key findings include:
• Globally, organisations impacted by insider threats spent an average of US$11.45 million annually – that’s up 31% from $8.76 million in 2018.
• More than 60% of reported insider threat incidents were the result of a careless employee or contractor and 23% were caused by malicious insiders. A total of 14% of all insider threat incidents involved cybercriminals stealing credentials.
• The number of incidents has also increased by a staggering 47% in just two years, from 3,200 in 2018 (Ponemon) to 4,700 in 2020.
• The longer an insider threat incident lingers, the costlier it gets. Incidents that took more than 90 days to contain cost organisations US$13.71 million on an annual basis, while incidents that lasted fewer than 30 days cost roughly half, at US$7.12 million. It takes an average of more than two months (77 days) to contain an insider incident.
• The larger the organisation, the more insider incidents. Large organisations with a headcount of more than 75,000 spent an average of US$17.92 million over the past year. In contrast, smaller organisations with a headcount below 500 spent an average of US$7.68 million.
• The financial services industry spent more to contain insider threats per incident than other sectors. Over the past two years, the average financial services industry spend was US$14.3 million to contain an incident versus US$11.54 million for energy and utility companies and US$10.24 million for the retail industry (a 38% increase in two years).
To download the Cost of Insider Threats 2020 Global Report, visit: https://www.observeit.com/cost-of-insider-threats/.
For more information on insider threat management, visit: www.observeIT.com.