A new study from The Ponemon Institue found that organizations are spending nearly 60% more to recover from insider threats compared to three years ago. 

The study involved companies located in North America, Europe, the Middle East, and the Asia-Pacific region. The report found that cybersecurity events caused by insider threats have increased by almost 50% since 2018.

This increase has caused organizations across all industries to increase spending to an average of $11.45 million annually to remediate this negligent and/or malicious insider activity, representing a 60% increase in spending compared to three years ago. 

This report splits incidents into three categories of threat: 

1. Those caused unintentionally by negligent employees/contractors

2. Those instigated by credential thieves who use insiders' login details to gain unauthorized access to applications and systems

3. Those carried out by criminals and malicious insiders to damage an organization's reputation

The health and pharmaceutical industry reportedly spend $10.81 million each year to recover from security incidents caused by insider threats. Additionally, organizations with more than 75,000 employees reported spending an average of $17.92 million over the past year to recover from these threats, and organizations will less than 500 employees spent on average of $7.68 million to safeguard against these attacks. 

The Financial Services, Energy & Utilities, and the Retail Industry were found to be the three largest impacted organizations. Financial Services have accumulated $14.05 million in losses - a rise of 20% - to remediate insider breaches over the last two years. 

Overall, the average cost accumulated by organizations due to careless or negligent insiders stands at $4.58 million a year. 

Researchers also found that incidents that take over 90 days to contain cost organizations $13.71 million in losses annually, while incidents that last less than 30 days cost organizations around $7.12 million per year. However, it takes an average of two months to contain an insider threat. 

As insider threats continue to increase year after year, it's important that organizations implement real-time prevention solutions like Intrusion Detection and Prevention systems as well as improve employees' security best practices.

Employees being 'over-privileged' in terms of rights and permissions is one of the biggest vulnerabilities found within an organization. For this reason, organizations must ensure that access controls are being strictly enforced.

CIS Control #4 suggests maintaining the principle of lead privilege and ensure that all users with administrative account access use a dedicated or security account for elevated activities. In addition, configure systems to issue a log entry and alert when an account is added or removed from any group assigned administrative privileges. 

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.