Ponemon Institute Study 2022: Data incidents caused by insiders up 34 percent from 2020

22.04.2022

Ponemon Institute released its 2022 Ponemon Institute Cost of Insider Threats: Global Report commissioned by the security company ProofPoint.

The company surveyed over one thousand IT and IT security professionals from companies that experienced at least one insider caused incident. The companies were based in North America, Europe, Middle East, Africa, and Asia-Pacific regions.

The report concludes that over the last two years, the frequency and costs of insider data threats have increased across all three insider threat categories

  • careless or negligent employees/contractors
  • criminal or malicious insiders
  • cybercriminal credential theft.

The reason for this increase is the remote and hybrid work environment that led up to The Great Resignation, according to ProofPoint.

Main findings of the report

  • The number of incidents: up by 44 percent in just two years.
  • The frequency of incidents per company: 67% of companies experienced between 21 and 40 incidents per year (up from 60 percent in 2020).


Composition of the threat: A negligent insider is the root cause of most incidents.

  • 56% of reported insider threat incidents were the result of a careless employee or contractor (average cost $484,931 per incident).
  • Malicious or criminal insiders were behind 1 in 4 incidents (26%) (average cost per incident of $648,062).
  • Incidents including credential theft, stealing users' credentials and accessing critical data represent 18% (almost double from the last study). At an average of $804,997 per incident, credential theft is the costliest to remediate.

Cost of the insider threats

  • Organizations impacted by insider threats spent an average of $15.4 million annually (up 34 percent).
  • It takes an average of 85 days to contain an insider incident (up from 77 days). The longer the incident takes to contain, the higher the price (more than 3 months – $17.19 million, less than 30 days – average of $11.23 million). The bigger the company, the higher the price (headcount of more than 75,000 – $22.68 million; headcount below 500 – $8.13 million).
  • The cost of insider threat is greatest in the North America and Europe ($17.53 million and $15.44 million).
  • Financial services and professional services have the highest average activity costs ($21.25 million and $18.65 million, respectively).

In a nutshell, insider threats continue to rise in frequency and remediation cost alike. The risk of malicious insider threats also continues to increase and the verticals that are affected the most are financial and professional services. 

Source: ProofPoint.com

Author
Dita Eckhardtova

Next articles

Data security Blog articles

The Dark Side of ChatGPT: How AI Poses a Threat to Data Security

In this article, we’ll explore some of the ways ChatGPT is used to help businesses, how it can be a threat to data security, and provide tips on how businesses can protect themselves.
Read more
Data security Blog articles

Why Should Healthcare Institutions Use DLP? Top 4 Reasons

In this article, we'll explore why healthcare institutions need DLP solutions to keep up with the latest technical developments and ensure that patient data is secure.
Read more
Data security Blog articles

Ransomware: What is it, and how DLP helps

The number of ransomware attacks increased by almost 13% in 2022. Let’s take a more in-depth look at what ransomware is and how organizations can protect themselves from data loss.
Read more