Organizations are spending an average of $4.3 million annually to mitigate, address, and resolve insider-related incidents – with that spend surpassing $17 million annually in the most significant cases, according to the Ponemon Institute.
“External forces, or the possibility of an external attack, have commanded the focus and attention of today’s IT leaders with the perception that they pose the biggest threat to the enterprise,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. “Our study is the first of its kind to uncover the equally substantial – and, at times, devastating – effects that insider threats can impose on an organization, from mitigation and detection through resolution and investigation.”
The cost of negligence
While the report notes that user credential theft and malicious or criminal activity carried a more substantial cost-per-incident, the frequency and volume of insider incidents caused by employee and contractor negligence recorded the highest annual cost, averaging nearly $2.3 million.
“Companies perceive insider threat as mostly driven by malicious employees, but the fact is that a significant portion of the risk is due to insider carelessness,” said Christy Wyatt, CEO at Dtex Systems. “This study underscores what we’ve seen for many years now: well-intentioned employees don’t always fully understand what puts both them and valuable company information at risk. In working with a wide range of organizations, of all sizes and across all industries, we’ve found that capturing and analyzing user activity at the endpoint is essential to rapidly identifying careless behavior and minimizing any impact.”
Legacy solutions fall short
In addition to aggregating the costs resulting from insider-related incidents, the study analyzed the technologies and solutions deployed across the organizations surveyed to address insider threats, as well as the effectiveness of those solutions as measured in incremental cost savings.
In line with expectations, legacy solutions – such as data loss prevention (DLP), user awareness and training, and network intelligence – ranked among the most frequently deployed tools (at 46 percent, 43 percent, and 35 percent respectively). Yet, despite being the most pervasive, these legacy technologies drove some of the lowest incremental cost savings recorded, with network intelligence and user training each yielding $0.3 million.
Average cost per incident
At the same time, the survey showed the average time to contain an insider-related incident across the same organizations was 65.4 days – and noted the total annualized cost for an incident lasting more than 60 days averaged $4.5 million, climbing to $5.7 million after 90 days.
While the solution categories that have emerged more recently – such as user behavior analytics (UBA) and threat intelligence – inevitably recorded less traction, they delivered the highest incremental cost savings at $1.1 million and $0.8 million respectively.
“We found that solutions focused on visibility and transparency, rather than stringent controls and limitations, are driving the most impact in terms of cost savings and return on investment,” said Ponemon. “Our recommendation for combatting costly insider threats is building a layered defense that delivers a comprehensive range of capabilities across visibility, detection, context, and rapid response.”