Research released today by Proofpoint has revealed that organisations impacted by insider threats spent an average of $15.4 million annually, up 34% from 2020

According to the 2022 Cost of Insider Threats Global Report from enterprise security provider Proofpoint, alongside Ponemon Institute, it took organisations an average of 85 days to contain each incident.

Over the last two years, frequency of insider threats has increased by 44%, according to Proofpoint, with three identified categories consisting of:

• careless or negligent employees/contractors (56% of incidents);
• criminal or malicious insiders (26%);
• cyber criminal credential theft (18%).

67% of surveyed companies experienced between 21 and more than 40 incidents per year, up from 60% in 2020.

Incidents caused by malicious or criminal insiders cost organisations an average of $648,062, while negligent insiders cost companies $484,931 per incident.

Negligence, according to the study, could include not ensuring devices are secured, not following the company’s security policy, or forgetting to patch and upgrade, among other factors.

Meanwhile, criminal insiders use data access, which has increased for the purpose of enhanced productivity, for harmful, unethical, or illegal activities.

Credential theft incidents have almost doubled since the last study, and prove the costliest to remediate with an average of $804,997 per incident.

Addressing insider threats: how board members can maintain cyber security

Paul Stark, general manager, UK at OnBoard, discusses how board members can address insider threats by maintaining cyber security. Read here

“Months of sustained remote and hybrid working leading up to “The Great Resignation” has resulted in an increased risk around insider threat incidents, as people leave organisations and take data with them,” said Ryan Kalember, executive vice-president of cyber security strategy at Proofpoint.

“In addition, organisational insiders, including employees, contractors, and third-party vendors, are an attractive attack vector for cyber criminals due to their far-reaching access to critical systems, data, and infrastructure.

“With people now the new perimeter, we recommend layered defenses, including a dedicated insider threat management solution and strong security awareness training, to provide the best protection against these types of risks.”

Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, commented: “Insider threats continue to climb, both in frequency and remediation cost. That said, we are seeing the risk of malicious insider threats increase – with more users accessing business data from outside the confines of the office.

“This can blur the security team’s ability to identify and differentiate between well-meaning employees, and malicious insiders trying to siphon sensitive business data.”

Signs of risk

In line with its study, Proofpoint revealed five signs that the organisation could be at risk of insider threats, to look out for:

1. Lack of training for staff to fully understand and apply laws, mandates, or regulatory requirements related to their work and organisational security.
2. Lack of awareness of steps staff should take to ensure that devices used — both company issued and BYOD — are secured at all times.
3. Distribution of highly confidential data to an unsecured location in the cloud, exposing the organisation to risk.
4. Breaching of security policies on the part of staff to simplify tasks.
5. Exposing of the organisation to risk if devices and services aren’t kept patched and upgraded to the latest versions.

Proofpoint’s report, which was independently conducted by Ponemon Institute and is in its fourth year, is issued every two years, and surveyed over 1,000 IT and IT security practitioners globally.