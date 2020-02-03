Impacted enterprises spend an average of $11.45 million a year to address incidents: Proofpoint survey

Employees and contractors – either careless or malicious – continue to pose a significant and growing security threat to enterprises, according to a new study sponsored by Proofpoint and IBM.

The Lowdown: The report, based on a survey of almost 1,000 IT and security pros around the world conducted by The Ponemon Institute, found that on average, organizations impacted by insider threat attacks spent $11.45 million annually on remediation – up 31% since 2018 – and took 77 days to contain each incident.

The Details: Over the last two years, the frequency of insider threats and the associated costs increased sharply across all three categories: careless or negligent employees and contractors, malicious or criminal insiders, and credential theft by cyber-criminals, according to the Cost of Insider Threats 2020 Global Report.



Other top findings include:



>Carelessness: More than 60% of reported inside threat incidents were due to a careless employee or contracts, compared with 23% being the result of malicious insiders. In addition, 14% involved stolen credentials.



>Growing number of incidents: In 2018, there were 3,200 insider threat incidents; there will be 4,700 in 2020, a 47% increase.



>Speed of detection is key: Incidents that took longer than 90 days to contain cost organization $13.71 million on an annualized basis. Incidents that lasted fewer than 30 days cost $7.12 million. On average, it takes 77 days to contain an insider threat incident.



>Company size matters: Organizations with a workforce of more than 75,000 people spent an average of $17.92 million over the past year on insider incidents. Those with fewer than 500 spent $7.68 million.



>Financial services sector: Companies in the industry hit with an insider threat incident spent an average of $14.3 million to contain it. By comparison, energy and utilities companies spent $11.54 million on average while those in retail spent $10.24 million.



The full report can be read here.

The Buzz: “With an average cost of more than $600K per incident, insider threats must be a leading concern for companies worldwide,” said Mike McKee, executive vice president and general manager of insider threat management for Proofpoint. “Organizational insiders, including employees, contractors, and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data, and infrastructure. Given that users regularly work across a wide range of applications and systems, we recommend layered defenses, including a dedicated insider threat management solution and strong security awareness training, to provide the best protection against these types of attacks.”