The Ponemon Institute released its 2022 Ponemon Institute Cost of Insider Threats: Global Report, commissioned by the security company ProofPoint.

The company surveyed over one thousand IT and IT security professionals from companies that experienced at least one insider-caused incident. The companies were based in North America, Europe, the Middle East, Africa, and the Asia-Pacific region.

The report concludes that over the last two years, the frequency and costs of insider data threats have increased across all three insider threat categories:

  • careless or negligent employees/contractors
  • criminal or malicious insiders
  • cybercriminal credential theft.

The reason for this increase is the remote and hybrid work environment that led up to The Great Resignation, according to ProofPoint.

Main findings of the report

  • The number of incidents: up by 44 percent in just two years.
  • The frequency of incidents per company: 67% of companies experienced between 21 and 40 incidents per year (up from 60 percent in 2020).


Composition of the threat: A negligent insider is the root cause of most incidents.

  • 56% of reported insider threat incidents were the result of a careless employee or contractor (average cost $484,931 per incident).
  • Malicious or criminal insiders were behind 1 in 4 incidents (26%) (average cost per incident of $648,062).
  • Incidents involving credential theft (stealing users' credentials and accessing critical data) represent 18% (almost double from the last study). At an average of $804,997 per incident, credential theft is the costliest to remediate.

Cost of the insider threats

  • Organizations impacted by insider threats spent an average of $15.4 million annually (up 34 percent).
  • It takes an average of 85 days to contain an insider incident (up from 77 days). The longer the incident takes to contain, the higher the price (more than 3 months – $17.19 million, less than 30 days – average of $11.23 million). The bigger the company, the higher the price (headcount of more than 75,000 – $22.68 million; headcount below 500 – $8.13 million).
  • The cost of insider threats is greatest in North America and Europe ($17.53 million and $15.44 million, respectively).
  • Financial services and professional services have the highest average activity costs ($21.25 million and $18.65 million, respectively).

In a nutshell, insider threats continue to rise in frequency and remediation cost alike. The risk of malicious insider threats also continues to increase and the verticals that are affected the most are financial and professional services. 

Source: ProofPoint.com

Author
Dita Eckhardtova
