Findings from a new benchmark study released by the Ponemon Institute, focused on quantifying the financial impact of insider threats on the enterprise, have revealed that organizations are spending an average of $4.3 million annually to mitigate, address, and resolve insider-related incidents – with that spend surpassing $17 million annually in the most significant cases.
The report, titled ‘2016 Cost of Insider Threats,’ notes that while user credential theft and malicious or criminal activity carried a more substantial cost per incident, the frequency and volume of insider incidents caused by employee and contractor negligence meant that these incidents recorded the highest annual cost, averaging nearly $2.3 million.
In addition to aggregating the costs resulting from insider-related incidents, the study analyzed the technologies and solutions deployed across the organizations surveyed to address insider threats, as well as the effectiveness of those solutions as measured in incremental cost savings.
In line with expectations, legacy solutions – such as data loss prevention (DLP), user awareness and training, and network intelligence – ranked among the most frequently deployed tools (at 46 percent, 43 percent, and 35 percent respectively). Yet, despite being the most pervasive, the incremental cost savings driven by these legacy technologies were among the lowest recorded, with network intelligence and user training yielding $0.3 million.
At the same time, the survey showed the average time to contain an insider-related incident across the same organizations was 65.4 days – and noted the total annualized cost for an incident lasting more than 60 days averaged $4.5 million, climbing to $5.7 million after 90 days.
“External forces, or the possibility of an external attack, have commanded the focus and attention of today’s IT leaders with the perception that they pose the biggest threat to the enterprise,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute, in a prepared statement.
“Our study is the first of its kind to uncover the equally substantial – and, at times, devastating – effects that insider threats can impose on an organization, from mitigation and detection through resolution and investigation,” he added.
“Companies perceive insider threat as mostly driven by malicious employees, but the fact is that a significant portion of the risk is due to insider carelessness,” said Christy Wyatt, CEO at Dtex Systems.
“This study underscores what we’ve seen for many years now: well-intentioned employees don’t always fully understand what puts both them and valuable company information at risk. In working with a wide range of organizations, of all sizes and across all industries, we’ve found that capturing and analyzing user activity at the endpoint is essential to rapidly identifying careless behavior and minimizing any impact,” he added.