SUNNYVALE, Calif. – Organizations spent $11.45 million annually on remediating insider cybersecurity threats, which took 77 days to contain, a new report contends.
Proofpoint, a leading cybersecurity and compliance company, today released its Cost of Insider Threats 2020 Global Report. The report, commissioned with The Ponemon Institute and co-sponsored by IBM, surveyed nearly 1,000 IT and IT security practitioners across North America, Europe, Middle East, Africa, and Asia-Pacific. Each organization included in the study experienced one or more material events caused by an insider.
During the last two years, the frequency and costs associated with insider threats increased dramatically across all three insider threat categories: careless or negligent employees/contractors, criminal or malicious insiders, and cybercriminal credential theft.
“With an average cost of more than $600,000 per incident, insider threats must be a leading concern for companies worldwide,” said Mike McKee, executive vice president and general manager of Insider Threat Management for Proofpoint. “Organizational insiders, including employees, contractors, and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data, and infrastructure. Given that users regularly work across a wide range of applications and systems, we recommend layered defenses, including a dedicated insider threat management solution and strong security awareness training, to provide the best protection against these types of attacks.”
Key findings from this year’s Cost of Insider Threats 2020 Global Report include:
- Organizations impacted by insider threats spent an average of $11.45 million annually—that’s up 31 percent from $8.76 million in 2018.
- More than 60 percent of reported insider threat incidents were the result of a careless employee or contractor and 23 percent were caused by malicious insiders. A total of 14 percent of all insider threat incidents involved cybercriminals stealing credentials.
- The number of incidents has also increased by a staggering 47 percent in just two years, from 3,200 in 2018 (Ponemon) to 4,700 in 2020.
- The longer an insider threat incident lingers, the costlier it gets. Incidents that took more than 90 days to contain cost organizations $13.71 million on an annualized basis, while incidents that lasted less than 30 days cost roughly half, at $7.12 million. It takes an average of more than two months (77 days) to contain an insider incident.
- The larger the organization, the more insider incidents. Large organizations with a headcount of more than 75,000 spent an average of $17.92 million over the past year. In contrast, smaller organizations with a headcount below 500 spent an average of $7.68 million.
- The financial services industry spent more to contain insider threats per incident than other sectors. Over the past two years the average financial services industry spend was $14.3 million to contain an incident versus $11.54 million for energy and utilities companies and $10.24 million for the retail industry (a 38 percent increase in 2 years).
To download the Cost of Insider Threats 2020 Global Report, please visit: https://www.observeit.com/cost-of-insider-threats/.