This is Ponemon’s fourth benchmark study conducted with the explicit purpose of understanding the financial consequences that result from insider threats. A secondary focus is to gain insight into how well organizations are mitigating these risks.

In this 2022 study, Ponemon interviewed 1,004 IT and IT security practitioners in 278 organizations that experienced one or more material events caused by an insider. A total of 6,803 insider incidents are represented in this research.

In the context of this research, insider threats are defined as:

  • A careless or negligent employee or contractor;
  • A criminal or malicious insider; or
  • A credential thief.

Key findings of this year’s 2022 Cost of Insider Threats Global Report include:

The overall number of incidents has increased by 44 percent in just two years. The frequency of incidents per company has also gone up: 67 percent of companies experienced 21 or more incidents per year, up from 60 percent in 2020.

Organizations impacted by insider threats spent an average of $15.4 million annually—that’s up 34 percent from $11.45 million in 2020.

The negligent insider is the root cause of most incidents. 56% of reported insider threat incidents were the result of a careless employee or contractor, costing on average $484,931 per incident. This could be the result of a variety of factors, including not ensuring their devices are secured, not following the company’s security policy, or forgetting to patch and upgrade.

Malicious or criminal insiders were behind 1 in 4 incidents (26%) at an average cost per incident of $648,062. Malicious insiders are employees or authorized individuals who use their data access for harmful, unethical, or illegal activities. Because employees are increasingly granted access to more information to enhance productivity in today’s work-from-anywhere workforce, malicious insiders are harder to detect than external attackers or hackers.

The top five activities performed by malicious insiders are:

  • Emailing sensitive data to outside parties (74% of respondents);
  • Scanning for open ports and vulnerabilities (62%);
  • Accessing sensitive data not associated with the role or function (60%);
  • Downloading or accessing large amounts of data not relevant to the role or function (53%); and
  • Using unauthorized external storage devices like USBs (50%).

Credential theft incidents have almost doubled since the last study. At an average of $804,997 per incident, credential theft is the costliest to remediate. The intent of the credential thief is to steal users’ credentials that will grant them access to critical data and information. A total of 1,247 incidents (18%) involved cybercriminals stealing credentials.

The time to contain an insider incident increased from the last study. It takes an average of nearly three months (85 days) to contain an insider incident, up from 77 days in the previous study. Incidents that took more than 90 days to contain cost organizations $17.19 million on an annualized basis, while incidents that lasted less than 30 days cost an average of $11.23 million.

Financial services and professional services have the highest average activity costs. The average activity cost for financial services is $21.25 million and professional services is $18.65 million. Service organizations represent a wide range of companies including accounting, consultancy, and professional service firms.

Organizational size affects the cost per incident. Large organizations with a headcount of more than 75,000 spent an average of $22.68 million over the past year to resolve insider-related incidents. To deal with the consequences of an insider incident, smaller organizations with a headcount below 500 spent an average of $8.13 million.

North American companies are spending more than the average cost on activities that deal with insider threats. The total average cost of activities to resolve insider threats over a 12-month period is $15.4 million. Companies in North America experienced the highest total cost at $17.53 million. European companies had the next highest cost at $15.44 million.

Although only 18% of incidents involved credential thieves, 55% of respondents said they are most concerned about this threat. Conversely, even though 56% of incidents involved careless or negligent employees or contractors, only 21% said they are most concerned about this threat.
