Insider threats cost organisations $15.4 million annually — Proofpoint

Frequency increased by almost half over the past two years, according to the study.

Research released today by Proofpoint has revealed that organisations impacted by insider threats spent an average of $15.4 million annually, up 34% from 2020.

According to the 2022 Cost of Insider Threats Global Report from enterprise security provider Proofpoint, alongside Ponemon Institute, it took organisations an average of 85 days to contain each incident.

Over the last two years, the frequency of insider threats has increased by 44%, according to Proofpoint, which identifies three categories:

  • careless or negligent employees/contractors (56% of incidents);
  • criminal or malicious insiders (26%);
  • cyber criminal credential theft (18%).

67% of surveyed companies experienced between 21 and more than 40 incidents per year, up from 60% in 2020.

Incidents caused by malicious or criminal insiders cost organisations an average of $648,062, while negligent insiders cost companies $484,931 per incident.

Negligence, according to the study, could include not ensuring devices are secured, not following the company’s security policy, or forgetting to patch and upgrade, among other factors.

Meanwhile, criminal insiders use their data access, which has increased for the purpose of enhanced productivity, to carry out harmful, unethical, or illegal activities.

Credential theft incidents have almost doubled since the last study, and prove the costliest to remediate with an average of $804,997 per incident.

“Months of sustained remote and hybrid working leading up to ‘The Great Resignation’ has resulted in an increased risk around insider threat incidents, as people leave organisations and take data with them,” said Ryan Kalember, executive vice-president of cyber security strategy at Proofpoint.

“In addition, organisational insiders, including employees, contractors, and third-party vendors, are an…