$8.76 million: The average yearly cost of insider threats

New WAF attack timelines show the start and end of a threat.
No more logs. See how →

According to The Ponemon Institute’s report, “2018 Cost of Insider Threats: Global Organizations,” the average cost of an insider threat annually is $8.76 million.

average yearly cost insider threats

It’s critical for organizations to understand the main causes of insider threats, because detecting insiders in a timely manner could save millions of dollars. Depending on the industry and size of company, the cost of an insider threat varies dramatically.

“Insider threats continue to threaten organizations across the globe, ultimately resulting in loss of mission critical data, downtime and lost productivity, and even reputational damage,” said ObserveIT CEO Mike McKee. “Understanding the growing costs and time associated with preventing and managing insider threats, organizations need to invest in a holistic cybersecurity solution to assist with real-time detection, deterrence, education and prevention.”

Since 2016, the average number of incidents involving employee or contractor negligence has increased by 26%, and by 53% for criminal and malicious insiders. The average number of credential theft incidents has more than doubled over the past two years.

The majority of respondents (64%) cited that the negligent insider is the root of most incidents.

Credential risk is the costliest type of insider incident at an average of $648,745 per event.

average yearly cost insider threats

Large organizations with a headcount of more than 75,000 spent an average of $20 million over the past year to resolve insider-related incidents while smaller organizations with a headcount below 500 spent an average of $1.8 million.

Asia-Pacific and European and Middle Eastern (EMEA) companies had lower annualized costs to contain insider-related incidents at $5.88 and $7.04 million, respectively, compared to North American companies.

Are you protecting your users and sensitive O365 data from being leaked? Learn how Specops Authentication for O365 can help.