Research has found that the average annual cost of insider threats has skyrocketed in just two years by 31% to $11.45 million.
The “2020 Cost of Insider Threats Global” report interviewed 964 IT and IT security practitioners in 204 organisations in North America, Europe, Middle East & Africa and Asia-Pacific
It was found that the number of cybersecurity incidents increased by 47% since 2018 from 3,200 in 2018 to 4,700 in 2020, whilst the average annual cost of insider threats rose 31%, from $8.76 million to $11.45 million during the same period.
It should be noted that the cost of insider threats varies depending on the type of incident, with an average incident costing $301,111 if it involves a negligent employee or contractor. Whilst the average cost per incident almost triples if it involves an imposter or thief who steals credentials ($871,686).
The report revealed that the activities that drive costs include monitoring and surveillance, investigation, incident response, escalation, containment, ex-post analysis and remediation.
“The fastest-growing cost center among these activities is investigation, with the average cost across all incident types rising 38% in only two years to $103,798,” the report wrote.
An organisation’s size and industry can have a significant impact on the cost of insider threat incidents. The report found that large organisations with more than 75,000 employees spent an average of $17.92 million over the past year, whilst smaller organisations with a headcount below 500 spent an average of $7.68 million.
Researchers also discovered that it takes an average 77 days to contain each insider threat, with only 13% of incidents being contained in less than 30 days. Subsequently, the longer an insider threat lingers, the costlier it gets for organisations, with incidents taking more than 90 days to contain costing organisations $13.71 million per year in contrast to incidents lasting less than 30 days ($7.12 million).
With insider threats on the rise, “organisations need to build an effective Insider Threat Management program. Such a program would ensure that the organisation can respond quickly if an incident happens and minimise the overall impact to the business,” the report concluded.
“Whether they are caused accidentally or maliciously, insider threat incidents cannot be mitigated with technology alone. Organisations need an Insider Threat Management program that combines people, processes, and technology to identify and prevent incidents within the organisation.”
The post #Privacy: Global cost of insider threats rises by 31% appeared first on PrivSec Report.